package com.fisec.jsse.provider;

import com.fisec.jsse.FMX509ExtendedKeyManager;
import com.fisec.jsse.FMX509ExtendedTrustManager;
import com.fisec.jsse.java.security.FMAlgorithmConstraints;
import com.fisec.jsse.java.security.FMCryptoPrimitive;
import fisec.d6;
import fisec.dc;
import fisec.i;
import fisec.l0;
import fisec.y2;
import fisec.y9;
import fisec.z9;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.jivesoftware.smack.util.TLSUtils;

/* loaded from: classes2.dex */
public class ProvSSLContextSpi extends SSLContextSpi {
    public static final String PROPERTY_CLIENT_PROTOCOLS = "jdk.tls.client.protocols";
    public static final String PROPERTY_SERVER_PROTOCOLS = "jdk.tls.server.protocols";
    public ContextData contextData = null;
    public final z9 cryptoProvider;
    public final String[] defaultCipherSuites;
    public final String[] defaultProtocolsClient;
    public final String[] defaultProtocolsServer;
    public final boolean isInFipsMode;
    public final Map<String, CipherSuiteInfo> supportedCipherSuites;
    public final Map<String, y2> supportedProtocols;
    public static final Logger LOG = Logger.getLogger(ProvSSLContextSpi.class.getName());
    public static final Set<FMCryptoPrimitive> TLS_CRYPTO_PRIMITIVES_BC = JsseUtils.KEY_AGREEMENT_CRYPTO_PRIMITIVES_BC;
    public static final Map<String, CipherSuiteInfo> SUPPORTED_CIPHERSUITE_MAP = createSupportedCipherSuiteMap();
    public static final Map<String, CipherSuiteInfo> SUPPORTED_CIPHERSUITE_MAP_FIPS = createSupportedCipherSuiteMapFips(SUPPORTED_CIPHERSUITE_MAP);
    public static final Map<String, y2> SUPPORTED_PROTOCOL_MAP = createSupportedProtocolMap();
    public static final Map<String, y2> SUPPORTED_PROTOCOL_MAP_FIPS = createSupportedProtocolMapFips(SUPPORTED_PROTOCOL_MAP);
    public static final List<String> DEFAULT_CIPHERSUITE_LIST = createDefaultCipherSuiteList(SUPPORTED_CIPHERSUITE_MAP.keySet());
    public static final List<String> DEFAULT_CIPHERSUITE_LIST_FIPS = createDefaultCipherSuiteListFips(DEFAULT_CIPHERSUITE_LIST);
    public static final String[] DEFAULT_ENABLED_PROTOCOLS = {TLSUtils.PROTO_TLSV1_2, TLSUtils.PROTO_TLSV1_1, TLSUtils.PROTO_TLSV1};
    public static final Map<String, y2> SUPPORTED_PROTOCOL_MAP_GMSSL = createSupportedProtocolMapGMSSL();
    public static final Map<String, y2> SUPPORTED_PROTOCOL_MAP_FIPS_GMSSL = createSupportedProtocolMapFips(SUPPORTED_PROTOCOL_MAP_GMSSL);
    public static final String[] DEFAULT_ENABLED_PROTOCOLS_GMSSL = {"GMSSLv1.1"};

    public ProvSSLContextSpi(boolean z, boolean z2, z9 z9Var, String[] strArr) {
        this.isInFipsMode = z2;
        this.cryptoProvider = z9Var;
        this.supportedCipherSuites = z2 ? SUPPORTED_CIPHERSUITE_MAP_FIPS : SUPPORTED_CIPHERSUITE_MAP;
        this.supportedProtocols = z ? z2 ? SUPPORTED_PROTOCOL_MAP_FIPS_GMSSL : SUPPORTED_PROTOCOL_MAP_GMSSL : z2 ? SUPPORTED_PROTOCOL_MAP_FIPS : SUPPORTED_PROTOCOL_MAP;
        this.defaultCipherSuites = getDefaultEnabledCipherSuites(z2);
        this.defaultProtocolsClient = getDefaultEnabledProtocolsClient(z, this.supportedProtocols, strArr);
        this.defaultProtocolsServer = getDefaultEnabledProtocolsServer(z, this.supportedProtocols);
    }

    public static void addCipherSuite(Map<String, CipherSuiteInfo> map, String str, int i) {
        addCipherSuite(map, str, i, false);
    }

    public static void addCipherSuite(Map<String, CipherSuiteInfo> map, String str, int i, boolean z) {
        if (map.put(str, CipherSuiteInfo.forCipherSuite(i, str, z)) != null) {
            throw new IllegalStateException("Duplicate names in supported-cipher-suites");
        }
    }

    public static void addCipherSuite13(Map<String, CipherSuiteInfo> map, String str, int i) {
        addCipherSuite(map, str, i, true);
    }

    public static List<String> createDefaultCipherSuiteList(Set<String> set) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("ECDHE_SM1_SM3");
        arrayList.add("ECC_SM1_SM3");
        arrayList.add("IBSDH_SM1_SM3");
        arrayList.add("IBC_SM1_SM3");
        arrayList.add("RSA_SM1_SM3");
        arrayList.add("RSA_SM1_SHA1");
        arrayList.add("ECDHE_SM4_SM3");
        arrayList.add(i.f13370a);
        arrayList.add("IBSDH_SM4_SM3");
        arrayList.add("IBC_SM4_SM3");
        arrayList.add("RSA_SM4_SM3");
        arrayList.add("RSA_SM4_SHA1");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
        arrayList.add("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
        arrayList.add("TLS_RSA_WITH_AES_256_GCM_SHA384");
        arrayList.add("TLS_RSA_WITH_AES_128_GCM_SHA256");
        arrayList.add("TLS_RSA_WITH_AES_256_CBC_SHA256");
        arrayList.add("TLS_RSA_WITH_AES_128_CBC_SHA256");
        arrayList.add("TLS_RSA_WITH_AES_256_CBC_SHA");
        arrayList.add("TLS_RSA_WITH_AES_128_CBC_SHA");
        arrayList.retainAll(set);
        arrayList.trimToSize();
        return Collections.unmodifiableList(arrayList);
    }

    public static List<String> createDefaultCipherSuiteListFips(List<String> list) {
        ArrayList arrayList = new ArrayList(list);
        FipsUtils.removeNonFipsCipherSuites(arrayList);
        arrayList.trimToSize();
        return Collections.unmodifiableList(arrayList);
    }

    public static Map<String, CipherSuiteInfo> createSupportedCipherSuiteMap() {
        TreeMap treeMap = new TreeMap();
        addCipherSuite(treeMap, "ECDHE_SM1_SM3", l0.j5);
        addCipherSuite(treeMap, "ECC_SM1_SM3", l0.k5);
        addCipherSuite(treeMap, "IBSDH_SM1_SM3", l0.l5);
        addCipherSuite(treeMap, "IBC_SM1_SM3", l0.m5);
        addCipherSuite(treeMap, "RSA_SM1_SM3", l0.n5);
        addCipherSuite(treeMap, "RSA_SM1_SHA1", l0.o5);
        addCipherSuite(treeMap, "ECDHE_SM4_SM3", l0.p5);
        addCipherSuite(treeMap, i.f13370a, l0.q5);
        addCipherSuite(treeMap, "IBSDH_SM4_SM3", l0.r5);
        addCipherSuite(treeMap, "IBC_SM4_SM3", l0.s5);
        addCipherSuite(treeMap, "RSA_SM4_SM3", l0.t5);
        addCipherSuite(treeMap, "RSA_SM4_SHA1", l0.u5);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 19);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 50);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 64);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 162);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 56);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 106);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 163);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", l0.M2);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", l0.g3);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", l0.N2);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", l0.h3);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 68);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 189);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", l0.W3);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 135);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 195);
        addCipherSuite(treeMap, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", l0.X3);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 22);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 51);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 103);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_AES_128_CCM", l0.A4);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_AES_128_CCM_8", l0.E4);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 158);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 57);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 107);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_AES_256_CCM", l0.B4);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_AES_256_CCM_8", l0.F4);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 159);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", l0.O2);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", l0.c3);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", l0.P2);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", l0.d3);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 69);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 190);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", l0.S3);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 136);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 196);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", l0.T3);
        addCipherSuite(treeMap, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", l0.V4);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", l0.L0);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", l0.M0);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", l0.O1);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", l0.O4);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", l0.Q4);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", l0.W1);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", l0.N0);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", l0.P1);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", l0.P4);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", l0.R4);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", l0.X1);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", l0.S2);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", l0.m3);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", l0.T2);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", l0.n3);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", l0.I3);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", l0.c4);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", l0.J3);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", l0.d4);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", l0.U4);
        addCipherSuite(treeMap, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", l0.J0);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", l0.V0);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", l0.W0);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", l0.S1);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", l0.a2);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", l0.X0);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", l0.T1);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", l0.b2);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", l0.W2);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", l0.q3);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", l0.X2);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", l0.r3);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", l0.M3);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", l0.g4);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", l0.N3);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", l0.h4);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", l0.T4);
        addCipherSuite(treeMap, "TLS_ECDHE_RSA_WITH_NULL_SHA", l0.T0);
        addCipherSuite(treeMap, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 10);
        addCipherSuite(treeMap, "TLS_RSA_WITH_AES_128_CBC_SHA", 47);
        addCipherSuite(treeMap, "TLS_RSA_WITH_AES_128_CBC_SHA256", 60);
        addCipherSuite(treeMap, "TLS_RSA_WITH_AES_128_CCM", l0.y4);
        addCipherSuite(treeMap, "TLS_RSA_WITH_AES_128_CCM_8", l0.C4);
        addCipherSuite(treeMap, "TLS_RSA_WITH_AES_128_GCM_SHA256", 156);
        addCipherSuite(treeMap, "TLS_RSA_WITH_AES_256_CBC_SHA", 53);
        addCipherSuite(treeMap, "TLS_RSA_WITH_AES_256_CBC_SHA256", 61);
        addCipherSuite(treeMap, "TLS_RSA_WITH_AES_256_CCM", l0.z4);
        addCipherSuite(treeMap, "TLS_RSA_WITH_AES_256_CCM_8", l0.D4);
        addCipherSuite(treeMap, "TLS_RSA_WITH_AES_256_GCM_SHA384", 157);
        addCipherSuite(treeMap, "TLS_RSA_WITH_ARIA_128_CBC_SHA256", l0.G2);
        addCipherSuite(treeMap, "TLS_RSA_WITH_ARIA_128_GCM_SHA256", l0.a3);
        addCipherSuite(treeMap, "TLS_RSA_WITH_ARIA_256_CBC_SHA384", l0.H2);
        addCipherSuite(treeMap, "TLS_RSA_WITH_ARIA_256_GCM_SHA384", l0.b3);
        addCipherSuite(treeMap, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 65);
        addCipherSuite(treeMap, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 186);
        addCipherSuite(treeMap, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", l0.Q3);
        addCipherSuite(treeMap, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 132);
        addCipherSuite(treeMap, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 192);
        addCipherSuite(treeMap, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", l0.R3);
        addCipherSuite(treeMap, "TLS_RSA_WITH_NULL_SHA", 2);
        addCipherSuite(treeMap, "TLS_RSA_WITH_NULL_SHA256", 59);
        return Collections.unmodifiableMap(treeMap);
    }

    public static Map<String, CipherSuiteInfo> createSupportedCipherSuiteMapFips(Map<String, CipherSuiteInfo> map) {
        LinkedHashMap linkedHashMap = new LinkedHashMap(map);
        FipsUtils.removeNonFipsCipherSuites(linkedHashMap.keySet());
        return Collections.unmodifiableMap(linkedHashMap);
    }

    public static Map<String, y2> createSupportedProtocolMap() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(TLSUtils.PROTO_TLSV1_2, y2.f);
        linkedHashMap.put(TLSUtils.PROTO_TLSV1_1, y2.e);
        linkedHashMap.put(TLSUtils.PROTO_TLSV1, y2.d);
        linkedHashMap.put(TLSUtils.PROTO_SSL3, y2.f13779c);
        return Collections.unmodifiableMap(linkedHashMap);
    }

    public static Map<String, y2> createSupportedProtocolMapFips(Map<String, y2> map) {
        LinkedHashMap linkedHashMap = new LinkedHashMap(map);
        FipsUtils.removeNonFipsProtocols(linkedHashMap.keySet());
        return Collections.unmodifiableMap(linkedHashMap);
    }

    public static Map<String, y2> createSupportedProtocolMapGMSSL() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("GMSSLv1.1", y2.j);
        return Collections.unmodifiableMap(linkedHashMap);
    }

    public static String[] getArray(Collection<String> collection) {
        return (String[]) collection.toArray(new String[collection.size()]);
    }

    public static CipherSuiteInfo getCipherSuiteInfo(String str) {
        return SUPPORTED_CIPHERSUITE_MAP.get(str);
    }

    public static String getCipherSuiteName(int i) {
        if (i == 0) {
            return "SSL_NULL_WITH_NULL_NULL";
        }
        if (!d6.r(i)) {
            return null;
        }
        for (CipherSuiteInfo cipherSuiteInfo : SUPPORTED_CIPHERSUITE_MAP.values()) {
            if (cipherSuiteInfo.getCipherSuite() == i) {
                return cipherSuiteInfo.getName();
            }
        }
        return null;
    }

    public static String[] getDefaultEnabledCipherSuites(boolean z) {
        List<String> list = z ? DEFAULT_CIPHERSUITE_LIST_FIPS : DEFAULT_CIPHERSUITE_LIST;
        String[] strArr = new String[list.size()];
        int i = 0;
        for (String str : list) {
            if (ProvAlgorithmConstraints.DEFAULT.permits(TLS_CRYPTO_PRIMITIVES_BC, str, null)) {
                strArr[i] = str;
                i++;
            }
        }
        return JsseUtils.resize(strArr, i);
    }

    public static String[] getDefaultEnabledProtocolCandidates(boolean z, String[] strArr, String str) {
        if (strArr != null) {
            return strArr;
        }
        String[] jdkTlsProtocols = getJdkTlsProtocols(z, str);
        return jdkTlsProtocols != null ? jdkTlsProtocols : z ? DEFAULT_ENABLED_PROTOCOLS_GMSSL : DEFAULT_ENABLED_PROTOCOLS;
    }

    public static String[] getDefaultEnabledProtocols(boolean z, Map<String, y2> map, String[] strArr, String str) {
        String[] defaultEnabledProtocolCandidates = getDefaultEnabledProtocolCandidates(z, strArr, str);
        String[] strArr2 = new String[defaultEnabledProtocolCandidates.length];
        int i = 0;
        for (String str2 : defaultEnabledProtocolCandidates) {
            if (map.containsKey(str2) && ProvAlgorithmConstraints.DEFAULT_TLS_ONLY.permits(TLS_CRYPTO_PRIMITIVES_BC, str2, null)) {
                strArr2[i] = str2;
                i++;
            }
        }
        return JsseUtils.resize(strArr2, i);
    }

    public static String[] getDefaultEnabledProtocolsClient(boolean z, Map<String, y2> map, String[] strArr) {
        return getDefaultEnabledProtocols(z, map, strArr, PROPERTY_CLIENT_PROTOCOLS);
    }

    public static String[] getDefaultEnabledProtocolsServer(boolean z, Map<String, y2> map) {
        return getDefaultEnabledProtocols(z, map, null, PROPERTY_SERVER_PROTOCOLS);
    }

    public static KeyManager[] getDefaultKeyManagers() {
        KeyStoreConfig defaultKeyStore = ProvKeyManagerFactorySpi.getDefaultKeyStore();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(defaultKeyStore.keyStore, defaultKeyStore.password);
        return keyManagerFactory.getKeyManagers();
    }

    public static TrustManager[] getDefaultTrustManagers() {
        KeyStore defaultTrustStore = ProvTrustManagerFactorySpi.getDefaultTrustStore();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(defaultTrustStore);
        return trustManagerFactory.getTrustManagers();
    }

    public static String[] getJdkTlsProtocols(boolean z, String str) {
        Logger logger;
        StringBuilder sb;
        String[] stringArraySystemProperty = PropertyUtils.getStringArraySystemProperty(str);
        if (stringArraySystemProperty == null) {
            return null;
        }
        String[] strArr = new String[stringArraySystemProperty.length];
        int i = 0;
        for (String str2 : stringArraySystemProperty) {
            if (!z && !SUPPORTED_PROTOCOL_MAP.containsKey(str2)) {
                logger = LOG;
                sb = new StringBuilder();
                sb.append("'");
                sb.append(str);
                sb.append("' contains unsupported protocol: ");
                sb.append(str2);
            } else if (z && SUPPORTED_PROTOCOL_MAP_GMSSL.containsKey(str2)) {
                logger = LOG;
                sb = new StringBuilder();
                sb.append("'");
                sb.append(str);
                sb.append("' contains unsupported protocol: ");
                sb.append(str2);
                sb.append("in GMSSL");
            } else {
                if (!JsseUtils.contains(strArr, str2)) {
                    strArr[i] = str2;
                    i++;
                }
            }
            logger.warning(sb.toString());
        }
        if (i >= 1) {
            return JsseUtils.resize(strArr, i);
        }
        LOG.severe("'" + str + "' contained no supported protocol values (ignoring)");
        return null;
    }

    public static String[] getKeysArray(Map<String, ?> map) {
        return getArray(map.keySet());
    }

    public static y2 getProtocolVersion(String str) {
        return SUPPORTED_PROTOCOL_MAP.get(str);
    }

    public static y2 getProtocolVersionGMSSL(String str) {
        return SUPPORTED_PROTOCOL_MAP_GMSSL.get(str);
    }

    public static String getProtocolVersionName(y2 y2Var) {
        Map.Entry<String, y2> next;
        if (y2Var == null) {
            return "NONE";
        }
        Iterator<Map.Entry<String, y2>> it2 = SUPPORTED_PROTOCOL_MAP_GMSSL.entrySet().iterator();
        while (true) {
            if (!it2.hasNext()) {
                Iterator<Map.Entry<String, y2>> it3 = SUPPORTED_PROTOCOL_MAP.entrySet().iterator();
                while (it3.hasNext()) {
                    next = it3.next();
                    if (next.getValue().b(y2Var)) {
                    }
                }
                return "NONE";
            }
            next = it2.next();
            if (next.getValue().b(y2Var)) {
                break;
            }
        }
        return next.getKey();
    }

    private String[] implGetDefaultCipherSuites(boolean z) {
        return this.defaultCipherSuites;
    }

    private String[] implGetDefaultProtocols(boolean z) {
        return z ? this.defaultProtocolsClient : this.defaultProtocolsServer;
    }

    @Override // javax.net.ssl.SSLContextSpi
    public synchronized SSLEngine engineCreateSSLEngine() {
        return SSLEngineUtil.create(getContextData());
    }

    @Override // javax.net.ssl.SSLContextSpi
    public synchronized SSLEngine engineCreateSSLEngine(String str, int i) {
        return SSLEngineUtil.create(getContextData(), str, i);
    }

    @Override // javax.net.ssl.SSLContextSpi
    public synchronized SSLSessionContext engineGetClientSessionContext() {
        return getContextData().getClientSessionContext();
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLParameters engineGetDefaultSSLParameters() {
        getContextData();
        return SSLParametersUtil.getSSLParameters(getDefaultSSLParameters(true));
    }

    @Override // javax.net.ssl.SSLContextSpi
    public synchronized SSLSessionContext engineGetServerSessionContext() {
        return getContextData().getServerSessionContext();
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLServerSocketFactory engineGetServerSocketFactory() {
        return new ProvSSLServerSocketFactory(getContextData());
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLSocketFactory engineGetSocketFactory() {
        return new ProvSSLSocketFactory(getContextData());
    }

    @Override // javax.net.ssl.SSLContextSpi
    public SSLParameters engineGetSupportedSSLParameters() {
        getContextData();
        return SSLParametersUtil.getSSLParameters(getSupportedSSLParameters(true));
    }

    @Override // javax.net.ssl.SSLContextSpi
    public synchronized void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) {
        this.contextData = null;
        y9 a2 = this.cryptoProvider.a(secureRandom);
        FMX509ExtendedKeyManager selectX509KeyManager = selectX509KeyManager(a2.k(), keyManagerArr);
        FMX509ExtendedTrustManager selectX509TrustManager = selectX509TrustManager(a2.k(), trustManagerArr);
        a2.a().nextInt();
        this.contextData = new ContextData(this, a2, selectX509KeyManager, selectX509TrustManager);
    }

    public int[] getActiveCipherSuites(y9 y9Var, ProvSSLParameters provSSLParameters, y2[] y2VarArr) {
        String[] cipherSuitesArray = provSSLParameters.getCipherSuitesArray();
        FMAlgorithmConstraints algorithmConstraints = provSSLParameters.getAlgorithmConstraints();
        int[] iArr = new int[cipherSuitesArray.length];
        int i = 0;
        for (String str : cipherSuitesArray) {
            CipherSuiteInfo cipherSuiteInfo = this.supportedCipherSuites.get(str);
            if (cipherSuiteInfo != null && algorithmConstraints.permits(TLS_CRYPTO_PRIMITIVES_BC, str, null)) {
                iArr[i] = cipherSuiteInfo.getCipherSuite();
                i++;
            }
        }
        int[] a2 = d6.a(y9Var, iArr, i);
        if (a2.length >= 1) {
            return a2;
        }
        throw new IllegalStateException("No usable cipher suites enabled");
    }

    public y2[] getActiveProtocolVersions(ProvSSLParameters provSSLParameters) {
        String[] protocolsArray = provSSLParameters.getProtocolsArray();
        FMAlgorithmConstraints algorithmConstraints = provSSLParameters.getAlgorithmConstraints();
        TreeSet treeSet = new TreeSet(new Comparator<y2>() { // from class: com.fisec.jsse.provider.ProvSSLContextSpi.1
            @Override // java.util.Comparator
            public int compare(y2 y2Var, y2 y2Var2) {
                if (y2Var.f(y2Var2)) {
                    return -1;
                }
                return y2Var2.f(y2Var) ? 1 : 0;
            }
        });
        for (String str : protocolsArray) {
            y2 y2Var = this.supportedProtocols.get(str);
            if (y2Var != null && algorithmConstraints.permits(TLS_CRYPTO_PRIMITIVES_BC, str, null)) {
                treeSet.add(y2Var);
            }
        }
        if (treeSet.isEmpty()) {
            throw new IllegalStateException("No usable protocols enabled");
        }
        return (y2[]) treeSet.toArray(new y2[treeSet.size()]);
    }

    public synchronized ContextData getContextData() {
        ContextData contextData;
        contextData = this.contextData;
        if (contextData == null) {
            throw new IllegalStateException("SSLContext has not been initialized.");
        }
        return contextData;
    }

    public String[] getDefaultCipherSuites(boolean z) {
        return (String[]) implGetDefaultCipherSuites(z).clone();
    }

    public String[] getDefaultProtocols(boolean z) {
        return (String[]) implGetDefaultProtocols(z).clone();
    }

    public ProvSSLParameters getDefaultSSLParameters(boolean z) {
        return new ProvSSLParameters(this, implGetDefaultCipherSuites(z), implGetDefaultProtocols(z));
    }

    public String[] getSupportedCipherSuites() {
        return getKeysArray(this.supportedCipherSuites);
    }

    public String[] getSupportedCipherSuites(String[] strArr) {
        if (strArr == null) {
            throw new NullPointerException("'cipherSuites' cannot be null");
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (str == null || str.length() < 1) {
                throw new IllegalArgumentException("'cipherSuites' cannot contain null or empty string elements");
            }
            if (this.supportedCipherSuites.containsKey(str)) {
                arrayList.add(str);
            }
        }
        return getArray(arrayList);
    }

    public String[] getSupportedProtocols() {
        return getKeysArray(this.supportedProtocols);
    }

    public ProvSSLParameters getSupportedSSLParameters(boolean z) {
        return new ProvSSLParameters(this, getSupportedCipherSuites(), getSupportedProtocols());
    }

    public boolean isFips() {
        return this.isInFipsMode;
    }

    public boolean isSupportedProtocols(String[] strArr) {
        if (strArr == null) {
            return false;
        }
        for (String str : strArr) {
            if (str == null || !this.supportedProtocols.containsKey(str)) {
                return false;
            }
        }
        return true;
    }

    public FMX509ExtendedKeyManager selectX509KeyManager(dc dcVar, KeyManager[] keyManagerArr) {
        if (keyManagerArr != null) {
            for (KeyManager keyManager : keyManagerArr) {
                if (keyManager instanceof X509KeyManager) {
                    return X509KeyManagerUtil.importX509KeyManager(dcVar, (X509KeyManager) keyManager);
                }
            }
        }
        return DummyX509KeyManager.INSTANCE;
    }

    public FMX509ExtendedTrustManager selectX509TrustManager(dc dcVar, TrustManager[] trustManagerArr) {
        if (trustManagerArr == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (Exception e) {
                LOG.log(Level.WARNING, "Failed to load default trust managers", (Throwable) e);
            }
        }
        if (trustManagerArr != null) {
            for (TrustManager trustManager : trustManagerArr) {
                if (trustManager instanceof X509TrustManager) {
                    return X509TrustManagerUtil.importX509TrustManager(dcVar, (X509TrustManager) trustManager);
                }
            }
        }
        return DummyX509TrustManager.INSTANCE;
    }

    public void updateDefaultSSLParameters(ProvSSLParameters provSSLParameters, boolean z) {
        boolean z2 = !z;
        if (provSSLParameters.getCipherSuitesArray() == implGetDefaultCipherSuites(z2)) {
            provSSLParameters.setCipherSuitesArray(implGetDefaultCipherSuites(z));
        }
        if (provSSLParameters.getProtocolsArray() == implGetDefaultProtocols(z2)) {
            provSSLParameters.setProtocolsArray(implGetDefaultProtocols(z));
        }
    }

    public String validateNegotiatedCipherSuite(ProvSSLParameters provSSLParameters, int i) {
        String cipherSuiteName = getCipherSuiteName(i);
        if (cipherSuiteName != null && JsseUtils.contains(provSSLParameters.getCipherSuitesArray(), cipherSuiteName) && provSSLParameters.getAlgorithmConstraints().permits(TLS_CRYPTO_PRIMITIVES_BC, cipherSuiteName, null) && this.supportedCipherSuites.containsKey(cipherSuiteName) && (!this.isInFipsMode || FipsUtils.isFipsCipherSuite(cipherSuiteName))) {
            return cipherSuiteName;
        }
        throw new IllegalStateException("SSL connection negotiated unsupported ciphersuite: " + i);
    }

    public String validateNegotiatedProtocol(ProvSSLParameters provSSLParameters, y2 y2Var) {
        String protocolVersionName = getProtocolVersionName(y2Var);
        if (protocolVersionName != null && JsseUtils.contains(provSSLParameters.getProtocolsArray(), protocolVersionName) && provSSLParameters.getAlgorithmConstraints().permits(TLS_CRYPTO_PRIMITIVES_BC, protocolVersionName, null) && this.supportedProtocols.containsKey(protocolVersionName) && (!this.isInFipsMode || FipsUtils.isFipsProtocol(protocolVersionName))) {
            return protocolVersionName;
        }
        throw new IllegalStateException("SSL connection negotiated unsupported protocol: " + y2Var);
    }
}
