package com.unboundid.util.ssl;

import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Debug;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

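/**
 * Helper for building {@link SSLContext}s and socket factories from a set of
 * key and trust managers, and for tracking the process-wide TLS protocol and
 * cipher-suite policy applied to sockets created through those factories.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The computed default for the enabled protocol set always contains
 *       {@code TLSv1}, and contains {@code TLSv1.1} whenever the default
 *       protocol is TLSv1.1 or newer. Deployments that must not negotiate
 *       these legacy versions have to narrow the set through
 *       {@link #PROPERTY_ENABLED_SSL_PROTOCOLS} or
 *       {@link #setEnabledSSLProtocols(Collection)}.</li>
 *   <li>An empty enabled-protocol or enabled-cipher-suite set means "apply no
 *       restriction": the {@code applyEnabled*} methods return without
 *       touching the socket, so the provider's own defaults stay in force.</li>
 *   <li>The key and trust manager arrays handed to the array constructors are
 *       stored and returned by reference, not copied.</li>
 * </ul>
 */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
/* loaded from: classes.dex */
public final class SSLUtil {

    // Protocol name passed to SSLContext.getInstance by the no-argument factory
    // methods. Starts at "TLSv1" and is normally replaced during class
    // initialization by configureSSLDefaults().
    @NotNull
    private static final AtomicReference<String> DEFAULT_SSL_PROTOCOL = new AtomicReference<>("TLSv1");

    // Cipher suites that may be enabled on sockets; populated by configureSSLDefaults().
    @NotNull
    private static final AtomicReference<Set<String>> ENABLED_SSL_CIPHER_SUITES = new AtomicReference<>();

    // Protocol versions that may be enabled on sockets; populated by configureSSLDefaults().
    @NotNull
    private static final AtomicReference<Set<String>> ENABLED_SSL_PROTOCOLS = new AtomicReference<>();

    /** System property that overrides the default protocol used to create SSL contexts. */
    @NotNull
    public static final String PROPERTY_DEFAULT_SSL_PROTOCOL = "com.unboundid.util.SSLUtil.defaultSSLProtocol";

    /** System property holding a comma- or space-delimited list of cipher suites to enable. */
    @NotNull
    public static final String PROPERTY_ENABLED_SSL_CIPHER_SUITES = "com.unboundid.util.SSLUtil.enabledSSLCipherSuites";

    /** System property holding a comma- or space-delimited list of protocols to enable. */
    @NotNull
    public static final String PROPERTY_ENABLED_SSL_PROTOCOLS = "com.unboundid.util.SSLUtil.enabledSSLProtocols";

    @NotNull
    public static final String SSL_PROTOCOL_SSL_2_HELLO = "SSLv2Hello";

    @NotNull
    public static final String SSL_PROTOCOL_SSL_3 = "SSLv3";

    @NotNull
    public static final String SSL_PROTOCOL_TLS_1 = "TLSv1";

    @NotNull
    public static final String SSL_PROTOCOL_TLS_1_1 = "TLSv1.1";

    @NotNull
    public static final String SSL_PROTOCOL_TLS_1_2 = "TLSv1.2";

    @NotNull
    public static final String SSL_PROTOCOL_TLS_1_3 = "TLSv1.3";

    // Null means "let SSLContext.init pick the provider's default key managers".
    @Nullable
    private final KeyManager[] keyManagers;

    // Null means "let SSLContext.init pick the provider's default trust managers".
    @Nullable
    private final TrustManager[] trustManagers;

    static {
        configureSSLDefaults();
    }

    /**
     * Creates an instance with no explicit key or trust managers, so contexts
     * are initialized with whatever the installed security providers supply.
     */
    public SSLUtil() {
        this.keyManagers = null;
        this.trustManagers = null;
    }

    /**
     * Creates an instance that uses at most one key manager and one trust manager.
     *
     * @param keyManager   key manager to use, or {@code null} for none
     * @param trustManager trust manager to use, or {@code null} for none
     */
    public SSLUtil(@Nullable KeyManager keyManager, @Nullable TrustManager trustManager) {
        this.keyManagers = (keyManager == null) ? null : new KeyManager[] {keyManager};
        this.trustManagers = (trustManager == null) ? null : new TrustManager[] {trustManager};
    }

    /**
     * Creates an instance with no key manager and at most one trust manager.
     *
     * @param trustManager trust manager to use, or {@code null} for none
     */
    public SSLUtil(@Nullable TrustManager trustManager) {
        this.keyManagers = null;
        this.trustManagers = (trustManager == null) ? null : new TrustManager[] {trustManager};
    }

    /**
     * Creates an instance from arrays of key and trust managers. A {@code null}
     * or empty array is treated as "none".
     *
     * <p>The arrays are stored by reference: later changes made by the caller
     * to either array are visible to this instance.
     *
     * @param keyManagerArr   key managers to use, or {@code null}/empty for none
     * @param trustManagerArr trust managers to use, or {@code null}/empty for none
     */
    public SSLUtil(@Nullable KeyManager[] keyManagerArr, @Nullable TrustManager[] trustManagerArr) {
        this.keyManagers = (keyManagerArr == null || keyManagerArr.length == 0) ? null : keyManagerArr;
        this.trustManagers = (trustManagerArr == null || trustManagerArr.length == 0) ? null : trustManagerArr;
    }

    /**
     * Creates an instance with no key managers and the given trust managers.
     * A {@code null} or empty array is treated as "none"; the array is stored
     * by reference.
     *
     * @param trustManagerArr trust managers to use, or {@code null}/empty for none
     */
    public SSLUtil(@Nullable TrustManager[] trustManagerArr) {
        this.keyManagers = null;
        this.trustManagers = (trustManagerArr == null || trustManagerArr.length == 0) ? null : trustManagerArr;
    }

    /**
     * Restricts the cipher suites enabled on a server socket to those in
     * {@code set} that the socket supports. Does nothing when the socket is
     * {@code null}, is not an {@link SSLServerSocket}, or {@code set} is empty.
     *
     * <p>Decompiler note: this method was package-private before access
     * modifiers were rewritten.
     *
     * @param serverSocket socket to configure
     * @param set          cipher suite names that are allowed
     * @throws IOException if none of the allowed suites is supported by the socket
     */
    public static void applyEnabledSSLCipherSuites(@Nullable ServerSocket serverSocket, @NotNull Set<String> set) throws IOException {
        if (!(serverSocket instanceof SSLServerSocket) || set.isEmpty()) {
            return;
        }
        SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
        // Resolved outside the try block so that "no usable cipher suite" is
        // reported to the caller instead of being swallowed, which would leave
        // the socket running with the provider's default suites.
        String[] suitesToEnable = getSSLCipherSuitesToEnable(set, sslServerSocket.getSupportedCipherSuites());
        try {
            sslServerSocket.setEnabledCipherSuites(suitesToEnable);
        } catch (Exception e) {
            // Best effort: every entry was taken from the supported list.
            Debug.debugException(e);
        }
    }

    /**
     * Applies the process-wide enabled cipher suites to a client socket.
     *
     * @param socket socket to configure
     * @throws LDAPException with {@link ResultCode#CONNECT_ERROR} if none of
     *                       the configured suites is supported by the socket
     */
    public static void applyEnabledSSLCipherSuites(@NotNull Socket socket) throws LDAPException {
        try {
            applyEnabledSSLCipherSuites(socket, ENABLED_SSL_CIPHER_SUITES.get());
        } catch (IOException e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.CONNECT_ERROR, e.getMessage(), e);
        }
    }

    /**
     * Restricts the cipher suites enabled on a client socket to those in
     * {@code set} that the socket supports. Does nothing when the socket is
     * {@code null}, is not an {@link SSLSocket}, or {@code set} is empty.
     *
     * <p>Decompiler note: this method was package-private before access
     * modifiers were rewritten.
     *
     * @param socket socket to configure
     * @param set    cipher suite names that are allowed
     * @throws IOException if none of the allowed suites is supported by the socket
     */
    public static void applyEnabledSSLCipherSuites(@Nullable Socket socket, @NotNull Set<String> set) throws IOException {
        if (!(socket instanceof SSLSocket) || set.isEmpty()) {
            return;
        }
        SSLSocket sslSocket = (SSLSocket) socket;
        // Resolved outside the try block so the IOException reaches the caller
        // rather than leaving the socket on the provider's default suites.
        String[] suitesToEnable = getSSLCipherSuitesToEnable(set, sslSocket.getSupportedCipherSuites());
        try {
            sslSocket.setEnabledCipherSuites(suitesToEnable);
        } catch (Exception e) {
            // Best effort: every entry was taken from the supported list.
            Debug.debugException(e);
        }
    }

    /**
     * Restricts the protocol versions enabled on a server socket to those in
     * {@code set} that the socket supports. Does nothing when the socket is
     * {@code null}, is not an {@link SSLServerSocket}, or {@code set} is empty.
     *
     * <p>Decompiler note: this method was package-private before access
     * modifiers were rewritten.
     *
     * @param serverSocket socket to configure
     * @param set          protocol names that are allowed
     * @throws IOException if none of the allowed protocols is supported by the socket
     */
    public static void applyEnabledSSLProtocols(@Nullable ServerSocket serverSocket, @NotNull Set<String> set) throws IOException {
        if (!(serverSocket instanceof SSLServerSocket) || set.isEmpty()) {
            return;
        }
        SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
        // Resolved outside the try block so that "no usable protocol" is
        // reported to the caller instead of being swallowed, which would leave
        // the socket running with the provider's default protocol versions.
        String[] protocolsToEnable = getSSLProtocolsToEnable(set, sslServerSocket.getSupportedProtocols());
        try {
            sslServerSocket.setEnabledProtocols(protocolsToEnable);
        } catch (Exception e) {
            // Best effort: every entry was taken from the supported list.
            Debug.debugException(e);
        }
    }

    /**
     * Applies the process-wide enabled protocol versions to a client socket.
     *
     * @param socket socket to configure
     * @throws LDAPException with {@link ResultCode#CONNECT_ERROR} if none of
     *                       the configured protocols is supported by the socket
     */
    public static void applyEnabledSSLProtocols(@NotNull Socket socket) throws LDAPException {
        try {
            applyEnabledSSLProtocols(socket, ENABLED_SSL_PROTOCOLS.get());
        } catch (IOException e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.CONNECT_ERROR, e.getMessage(), e);
        }
    }

    /**
     * Restricts the protocol versions enabled on a client socket to those in
     * {@code set} that the socket supports. Does nothing when the socket is
     * {@code null}, is not an {@link SSLSocket}, or {@code set} is empty.
     *
     * <p>Decompiler note: this method was package-private before access
     * modifiers were rewritten.
     *
     * @param socket socket to configure
     * @param set    protocol names that are allowed
     * @throws IOException if none of the allowed protocols is supported by the socket
     */
    public static void applyEnabledSSLProtocols(@Nullable Socket socket, @NotNull Set<String> set) throws IOException {
        if (!(socket instanceof SSLSocket) || set.isEmpty()) {
            return;
        }
        SSLSocket sslSocket = (SSLSocket) socket;
        // Resolved outside the try block so the IOException reaches the caller
        // rather than leaving the socket on the provider's default protocols.
        String[] protocolsToEnable = getSSLProtocolsToEnable(set, sslSocket.getSupportedProtocols());
        try {
            sslSocket.setEnabledProtocols(protocolsToEnable);
        } catch (Exception e) {
            // Best effort: every entry was taken from the supported list.
            Debug.debugException(e);
        }
    }

    /**
     * Returns a one-line description of a certificate.
     *
     * @param x509Certificate certificate to describe
     * @return the text produced by {@link #certificateToString(X509Certificate, StringBuilder)}
     */
    @NotNull
    public static String certificateToString(@NotNull X509Certificate x509Certificate) {
        StringBuilder description = new StringBuilder();
        certificateToString(x509Certificate, description);
        return description.toString();
    }

    /**
     * Appends a one-line description of a certificate (subject, serial number,
     * validity window, signature algorithm, signature bytes in hex and issuer)
     * to the given buffer.
     *
     * @param x509Certificate certificate to describe
     * @param sb              buffer to append to
     */
    public static void certificateToString(@NotNull X509Certificate x509Certificate, @NotNull StringBuilder sb) {
        sb.append("Certificate(subject='");
        sb.append(x509Certificate.getSubjectX500Principal().getName("RFC2253"));
        sb.append("', serialNumber=");
        sb.append(x509Certificate.getSerialNumber());
        sb.append(", notBefore=");
        // The encoded timestamp has to be appended; discarding the return value
        // leaves the validity window blank, which hides expired or
        // not-yet-valid certificates from anyone reading the output.
        sb.append(StaticUtils.encodeGeneralizedTime(x509Certificate.getNotBefore()));
        sb.append(", notAfter=");
        sb.append(StaticUtils.encodeGeneralizedTime(x509Certificate.getNotAfter()));
        sb.append(", signatureAlgorithm='");
        sb.append(x509Certificate.getSigAlgName());
        sb.append("', signatureBytes='");
        StaticUtils.toHex(x509Certificate.getSignature(), sb);
        sb.append("', issuerSubject='");
        sb.append(x509Certificate.getIssuerX500Principal().getName("RFC2253"));
        sb.append("')");
    }

    /**
     * Computes the default protocol, the enabled protocol set and the enabled
     * cipher-suite set from system properties and the JVM's capabilities.
     * Invoked from the static initializer.
     *
     * <p>Decompiler note: JADX reported an unsupported loop pattern while
     * reconstructing this method, so the original control flow may have
     * differed in shape.
     */
    static void configureSSLDefaults() {
        String requestedDefault = StaticUtils.getSystemProperty(PROPERTY_DEFAULT_SSL_PROTOCOL);
        if (requestedDefault == null || requestedDefault.isEmpty()) {
            try {
                Set<String> supported = new LinkedHashSet<String>(
                        Arrays.asList(SSLContext.getDefault().getSupportedSSLParameters().getProtocols()));
                // Newest supported version wins; the previous value is kept if
                // none of the TLS versions is reported.
                String[] preference = {
                    SSL_PROTOCOL_TLS_1_3, SSL_PROTOCOL_TLS_1_2, SSL_PROTOCOL_TLS_1_1, SSL_PROTOCOL_TLS_1
                };
                for (String candidate : preference) {
                    if (supported.contains(candidate)) {
                        DEFAULT_SSL_PROTOCOL.set(candidate);
                        break;
                    }
                }
            } catch (Exception e) {
                Debug.debugException(e);
            }
        } else {
            DEFAULT_SSL_PROTOCOL.set(requestedDefault);
        }

        // NOTE(review): the computed set always ends with TLSv1 and includes
        // TLSv1.1 for newer defaults. Both are legacy versions; restrict them
        // via PROPERTY_ENABLED_SSL_PROTOCOLS or setEnabledSSLProtocols where
        // interoperability with old peers is not required.
        Set<String> protocols = new LinkedHashSet<String>(StaticUtils.computeMapCapacity(10));
        String defaultProtocol = DEFAULT_SSL_PROTOCOL.get();
        if (defaultProtocol.equals(SSL_PROTOCOL_TLS_1_3)) {
            protocols.add(SSL_PROTOCOL_TLS_1_3);
            protocols.add(SSL_PROTOCOL_TLS_1_2);
            protocols.add(SSL_PROTOCOL_TLS_1_1);
        } else if (defaultProtocol.equals(SSL_PROTOCOL_TLS_1_2)) {
            protocols.add(SSL_PROTOCOL_TLS_1_2);
            protocols.add(SSL_PROTOCOL_TLS_1_1);
        } else if (defaultProtocol.equals(SSL_PROTOCOL_TLS_1_1)) {
            protocols.add(SSL_PROTOCOL_TLS_1_1);
        }
        protocols.add(SSL_PROTOCOL_TLS_1);

        String requestedProtocols = StaticUtils.getSystemProperty(PROPERTY_ENABLED_SSL_PROTOCOLS);
        if (requestedProtocols != null && !requestedProtocols.isEmpty()) {
            // A property made only of delimiters yields an empty set, which the
            // applyEnabledSSLProtocols methods treat as "no restriction".
            protocols = parseDelimitedNames(requestedProtocols, 10);
        }
        ENABLED_SSL_PROTOCOLS.set(Collections.unmodifiableSet(protocols));

        ENABLED_SSL_CIPHER_SUITES.set(TLSCipherSuiteSelector.getRecommendedCipherSuites());
        String requestedSuites = StaticUtils.getSystemProperty(PROPERTY_ENABLED_SSL_CIPHER_SUITES);
        if (requestedSuites == null || requestedSuites.isEmpty()) {
            return;
        }
        Set<String> suites = parseDelimitedNames(requestedSuites, 50);
        if (!suites.isEmpty()) {
            // Unlike the protocol property, an all-delimiter value keeps the
            // recommended suites rather than clearing the set.
            ENABLED_SSL_CIPHER_SUITES.set(Collections.unmodifiableSet(suites));
        }
    }

    // Splits a comma- and/or space-delimited property value into an ordered set of names.
    @NotNull
    private static Set<String> parseDelimitedNames(@NotNull String value, int expectedSize) {
        Set<String> names = new LinkedHashSet<String>(StaticUtils.computeMapCapacity(expectedSize));
        StringTokenizer tokenizer = new StringTokenizer(value, ", ", false);
        while (tokenizer.hasMoreTokens()) {
            String token = tokenizer.nextToken();
            if (!token.isEmpty()) {
                names.add(token);
            }
        }
        return names;
    }

    /** Returns the protocol name used by the no-argument context and factory methods. */
    @NotNull
    public static String getDefaultSSLProtocol() {
        return DEFAULT_SSL_PROTOCOL.get();
    }

    /** Returns the cipher suites currently allowed on sockets; empty means unrestricted. */
    @NotNull
    public static Set<String> getEnabledSSLCipherSuites() {
        return ENABLED_SSL_CIPHER_SUITES.get();
    }

    /** Returns the protocol versions currently allowed on sockets; empty means unrestricted. */
    @NotNull
    public static Set<String> getEnabledSSLProtocols() {
        return ENABLED_SSL_PROTOCOLS.get();
    }

    /**
     * Selects, in the socket's own order and spelling, the supported cipher
     * suites whose upper-cased name matches an allowed one.
     *
     * @param set    allowed cipher suite names
     * @param strArr cipher suites the socket supports
     * @return the supported suites that are allowed; never empty
     * @throws IOException if no supported suite is allowed
     */
    @NotNull
    private static String[] getSSLCipherSuitesToEnable(@NotNull Set<String> set, @NotNull String[] strArr) throws IOException {
        Set<String> allowedUpper = new LinkedHashSet<String>(StaticUtils.computeMapCapacity(set.size()));
        for (String allowed : set) {
            allowedUpper.add(StaticUtils.toUpperCase(allowed));
        }
        ArrayList<String> selected = new ArrayList<String>(strArr.length);
        for (String supported : strArr) {
            if (allowedUpper.contains(StaticUtils.toUpperCase(supported))) {
                selected.add(supported);
            }
        }
        if (!selected.isEmpty()) {
            return selected.toArray(StaticUtils.NO_STRINGS);
        }
        throw new IOException(SSLMessages.ERR_NO_ENABLED_SSL_CIPHER_SUITES_AVAILABLE_FOR_SOCKET.get(quoteAndJoin(set), quoteAndJoin(Arrays.asList(strArr)), PROPERTY_ENABLED_SSL_CIPHER_SUITES, SSLUtil.class.getName() + ".setEnabledSSLCipherSuites"));
    }

    /**
     * Selects, in the socket's own order and spelling, the supported protocols
     * whose lower-cased name matches an allowed one.
     *
     * @param set    allowed protocol names
     * @param strArr protocols the socket supports
     * @return the supported protocols that are allowed; never empty
     * @throws IOException if no supported protocol is allowed
     */
    @NotNull
    private static String[] getSSLProtocolsToEnable(@NotNull Set<String> set, @NotNull String[] strArr) throws IOException {
        Set<String> allowedLower = new LinkedHashSet<String>(StaticUtils.computeMapCapacity(set.size()));
        for (String allowed : set) {
            allowedLower.add(StaticUtils.toLowerCase(allowed));
        }
        ArrayList<String> selected = new ArrayList<String>(strArr.length);
        for (String supported : strArr) {
            if (allowedLower.contains(StaticUtils.toLowerCase(supported))) {
                selected.add(supported);
            }
        }
        if (!selected.isEmpty()) {
            return selected.toArray(StaticUtils.NO_STRINGS);
        }
        throw new IOException(SSLMessages.ERR_NO_ENABLED_SSL_PROTOCOLS_AVAILABLE_FOR_SOCKET.get(quoteAndJoin(set), quoteAndJoin(Arrays.asList(strArr)), PROPERTY_ENABLED_SSL_PROTOCOLS, SSLUtil.class.getName() + ".setEnabledSSLProtocols"));
    }

    // Renders names as 'a', 'b', 'c' for use in error messages.
    @NotNull
    private static String quoteAndJoin(@NotNull Iterable<String> names) {
        StringBuilder joined = new StringBuilder();
        Iterator<String> it = names.iterator();
        while (it.hasNext()) {
            joined.append('\'').append(it.next()).append('\'');
            if (it.hasNext()) {
                joined.append(", ");
            }
        }
        return joined.toString();
    }

    /**
     * Replaces the protocol name used by the no-argument context and factory
     * methods. The value is not validated here; an unknown name surfaces later
     * from {@link SSLContext#getInstance(String)}.
     *
     * @param str protocol name; must not be {@code null}
     */
    public static void setDefaultSSLProtocol(@NotNull String str) {
        Validator.ensureNotNull(str);
        DEFAULT_SSL_PROTOCOL.set(str);
    }

    /**
     * Replaces the allowed cipher suites for sockets configured after this call.
     *
     * @param collection suite names to allow; {@code null} or empty removes the
     *                   restriction so sockets keep the provider's defaults
     */
    public static void setEnabledSSLCipherSuites(@Nullable Collection<String> collection) {
        if (collection == null) {
            ENABLED_SSL_CIPHER_SUITES.set(Collections.<String>emptySet());
            return;
        }
        Set<String> snapshot = new LinkedHashSet<String>(collection);
        ENABLED_SSL_CIPHER_SUITES.set(Collections.unmodifiableSet(snapshot));
    }

    /**
     * Replaces the allowed protocol versions for sockets configured after this call.
     *
     * @param collection protocol names to allow; {@code null} or empty removes
     *                   the restriction so sockets keep the provider's defaults
     */
    public static void setEnabledSSLProtocols(@Nullable Collection<String> collection) {
        if (collection == null) {
            ENABLED_SSL_PROTOCOLS.set(Collections.<String>emptySet());
            return;
        }
        Set<String> snapshot = new LinkedHashSet<String>(collection);
        ENABLED_SSL_PROTOCOLS.set(Collections.unmodifiableSet(snapshot));
    }

    /**
     * Creates a context for the current default protocol.
     *
     * @return an initialized context
     * @throws GeneralSecurityException if the context cannot be created or initialized
     */
    @NotNull
    public SSLContext createSSLContext() throws GeneralSecurityException {
        return createSSLContext(DEFAULT_SSL_PROTOCOL.get());
    }

    /**
     * Creates a context for the given protocol, initialized with this
     * instance's key and trust managers and the provider's default randomness
     * source.
     *
     * @param str protocol name; must not be {@code null}
     * @return an initialized context
     * @throws GeneralSecurityException if the context cannot be created or initialized
     */
    @NotNull
    public SSLContext createSSLContext(@NotNull String str) throws GeneralSecurityException {
        Validator.ensureNotNull(str);
        SSLContext context = SSLContext.getInstance(str);
        context.init(this.keyManagers, this.trustManagers, null);
        return context;
    }

    /**
     * Creates a context for the given protocol from a named provider,
     * initialized with this instance's key and trust managers.
     *
     * @param str  protocol name; must not be {@code null}
     * @param str2 provider name; must not be {@code null}
     * @return an initialized context
     * @throws GeneralSecurityException if the context cannot be created or initialized
     */
    @NotNull
    public SSLContext createSSLContext(@NotNull String str, @NotNull String str2) throws GeneralSecurityException {
        Validator.ensureNotNull(str, str2);
        SSLContext context = SSLContext.getInstance(str, str2);
        context.init(this.keyManagers, this.trustManagers, null);
        return context;
    }

    /**
     * Creates a server socket factory for the default protocol, wrapped with
     * the process-wide enabled protocols and cipher suites.
     *
     * @return the wrapped factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    @NotNull
    public SSLServerSocketFactory createSSLServerSocketFactory() throws GeneralSecurityException {
        SSLServerSocketFactory delegate = createSSLContext().getServerSocketFactory();
        return new SetEnabledProtocolsAndCipherSuitesSSLServerSocketFactory(delegate, ENABLED_SSL_PROTOCOLS.get(), ENABLED_SSL_CIPHER_SUITES.get());
    }

    /**
     * Creates a server socket factory for the given protocol, wrapped with that
     * protocol name and the process-wide enabled cipher suites.
     *
     * @param str protocol name
     * @return the wrapped factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    @NotNull
    public SSLServerSocketFactory createSSLServerSocketFactory(@NotNull String str) throws GeneralSecurityException {
        SSLServerSocketFactory delegate = createSSLContext(str).getServerSocketFactory();
        return new SetEnabledProtocolsAndCipherSuitesSSLServerSocketFactory(delegate, str, ENABLED_SSL_CIPHER_SUITES.get());
    }

    /**
     * Creates a server socket factory for the given protocol and provider.
     *
     * <p>NOTE(review): unlike the other overloads, the factory is returned
     * unwrapped, so the process-wide enabled protocols and cipher suites are
     * not applied to its sockets.
     *
     * @param str  protocol name
     * @param str2 provider name
     * @return the provider's factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    @NotNull
    public SSLServerSocketFactory createSSLServerSocketFactory(@NotNull String str, @NotNull String str2) throws GeneralSecurityException {
        return createSSLContext(str, str2).getServerSocketFactory();
    }

    /**
     * Creates a client socket factory for the default protocol, wrapped with
     * the process-wide enabled protocols and cipher suites.
     *
     * @return the wrapped factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    @NotNull
    public SSLSocketFactory createSSLSocketFactory() throws GeneralSecurityException {
        SSLSocketFactory delegate = createSSLContext().getSocketFactory();
        return new SetEnabledProtocolsAndCipherSuitesSSLSocketFactory(delegate, ENABLED_SSL_PROTOCOLS.get(), ENABLED_SSL_CIPHER_SUITES.get());
    }

    /**
     * Creates a client socket factory for the given protocol, wrapped with that
     * protocol name and the process-wide enabled cipher suites.
     *
     * @param str protocol name
     * @return the wrapped factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    @NotNull
    public SSLSocketFactory createSSLSocketFactory(@NotNull String str) throws GeneralSecurityException {
        SSLSocketFactory delegate = createSSLContext(str).getSocketFactory();
        return new SetEnabledProtocolsAndCipherSuitesSSLSocketFactory(delegate, str, ENABLED_SSL_CIPHER_SUITES.get());
    }

    /**
     * Creates a client socket factory for the given protocol and provider.
     *
     * <p>NOTE(review): unlike the other overloads, the factory is returned
     * unwrapped, so the process-wide enabled protocols and cipher suites are
     * not applied to its sockets.
     *
     * @param str  protocol name
     * @param str2 provider name
     * @return the provider's factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    @NotNull
    public SSLSocketFactory createSSLSocketFactory(@NotNull String str, @NotNull String str2) throws GeneralSecurityException {
        return createSSLContext(str, str2).getSocketFactory();
    }

    /**
     * Returns the key managers used to initialize contexts. The internal array
     * is returned directly, not a copy.
     *
     * @return the key managers, or {@code null} if none were supplied
     */
    @Nullable
    public KeyManager[] getKeyManagers() {
        return this.keyManagers;
    }

    /**
     * Returns the trust managers used to initialize contexts. The internal
     * array is returned directly, not a copy.
     *
     * @return the trust managers, or {@code null} if none were supplied
     */
    @Nullable
    public TrustManager[] getTrustManagers() {
        return this.trustManagers;
    }
}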
