package io.grpc.okhttp;

import androidx.webkit.Profile;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import io.grpc.CallCredentials;
import io.grpc.ChannelCredentials;
import io.grpc.ChoiceChannelCredentials;
import io.grpc.CompositeCallCredentials;
import io.grpc.CompositeChannelCredentials;
import io.grpc.ExperimentalApi;
import io.grpc.InsecureChannelCredentials;
import io.grpc.Internal;
import io.grpc.ManagedChannelBuilder;
import io.grpc.TlsChannelCredentials;
import io.grpc.internal.AbstractManagedChannelImplBuilder;
import io.grpc.internal.FixedObjectPool;
import io.grpc.internal.GrpcUtil;
import io.grpc.internal.KeepAliveManager;
import io.grpc.internal.ManagedChannelImplBuilder;
import io.grpc.internal.ObjectPool;
import io.grpc.internal.SharedResourceHolder;
import io.grpc.internal.SharedResourcePool;
import io.grpc.internal.TransportTracer;
import io.grpc.okhttp.internal.CipherSuite;
import io.grpc.okhttp.internal.ConnectionSpec;
import io.grpc.okhttp.internal.Platform;
import io.grpc.okhttp.internal.TlsVersion;
import io.grpc.util.CertificateUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

@ExperimentalApi("https://github.com/grpc/grpc-java/issues/1785")
/* loaded from: classes8.dex */
public final class OkHttpChannelBuilder extends AbstractManagedChannelImplBuilder<OkHttpChannelBuilder> {
    public static final int DEFAULT_FLOW_CONTROL_WINDOW = 65535;
    static final ObjectPool<Executor> DEFAULT_TRANSPORT_EXECUTOR_POOL;
    private static final SharedResourceHolder.Resource<Executor> SHARED_EXECUTOR;
    private static final EnumSet<TlsChannelCredentials.Feature> understoodTlsFeatures;
    private ConnectionSpec connectionSpec;
    private int flowControlWindow;
    private final boolean freezeSecurityConfiguration;
    private HostnameVerifier hostnameVerifier;
    private long keepAliveTimeNanos;
    private long keepAliveTimeoutNanos;
    private boolean keepAliveWithoutCalls;
    private final ManagedChannelImplBuilder managedChannelImplBuilder;
    private int maxInboundMetadataSize;
    private k negotiationType;
    private ObjectPool<ScheduledExecutorService> scheduledExecutorServicePool;
    private SocketFactory socketFactory;
    private SSLSocketFactory sslSocketFactory;
    private ObjectPool<Executor> transportExecutorPool;
    private TransportTracer.Factory transportTracerFactory;
    private final boolean useGetForSafeMethods;
    private static final Logger log = Logger.getLogger(OkHttpChannelBuilder.class.getName());
    static final ConnectionSpec INTERNAL_DEFAULT_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256).tlsVersions(TlsVersion.TLS_1_2).supportsTlsExtensions(true).build();
    private static final long AS_LARGE_AS_INFINITE = TimeUnit.DAYS.toNanos(1000);

    static {
        i iVar = new i();
        SHARED_EXECUTOR = iVar;
        DEFAULT_TRANSPORT_EXECUTOR_POOL = SharedResourcePool.forResource(iVar);
        understoodTlsFeatures = EnumSet.of(TlsChannelCredentials.Feature.MTLS, TlsChannelCredentials.Feature.CUSTOM_MANAGERS);
    }

    private OkHttpChannelBuilder(String str) {
        this.transportTracerFactory = TransportTracer.getDefaultFactory();
        this.transportExecutorPool = DEFAULT_TRANSPORT_EXECUTOR_POOL;
        this.scheduledExecutorServicePool = SharedResourcePool.forResource(GrpcUtil.TIMER_SERVICE);
        this.connectionSpec = INTERNAL_DEFAULT_CONNECTION_SPEC;
        this.negotiationType = k.TLS;
        this.keepAliveTimeNanos = Long.MAX_VALUE;
        this.keepAliveTimeoutNanos = GrpcUtil.DEFAULT_KEEPALIVE_TIMEOUT_NANOS;
        this.flowControlWindow = 65535;
        this.maxInboundMetadataSize = Integer.MAX_VALUE;
        this.useGetForSafeMethods = false;
        this.managedChannelImplBuilder = new ManagedChannelImplBuilder(str, new m(this), new l(this));
        this.freezeSecurityConfiguration = false;
    }

    private OkHttpChannelBuilder(String str, int i6) {
        this(GrpcUtil.authorityFromHostAndPort(str, i6));
    }

    public OkHttpChannelBuilder(String str, ChannelCredentials channelCredentials, CallCredentials callCredentials, SSLSocketFactory sSLSocketFactory) {
        this.transportTracerFactory = TransportTracer.getDefaultFactory();
        this.transportExecutorPool = DEFAULT_TRANSPORT_EXECUTOR_POOL;
        this.scheduledExecutorServicePool = SharedResourcePool.forResource(GrpcUtil.TIMER_SERVICE);
        this.connectionSpec = INTERNAL_DEFAULT_CONNECTION_SPEC;
        k kVar = k.TLS;
        this.negotiationType = kVar;
        this.keepAliveTimeNanos = Long.MAX_VALUE;
        this.keepAliveTimeoutNanos = GrpcUtil.DEFAULT_KEEPALIVE_TIMEOUT_NANOS;
        this.flowControlWindow = 65535;
        this.maxInboundMetadataSize = Integer.MAX_VALUE;
        this.useGetForSafeMethods = false;
        this.managedChannelImplBuilder = new ManagedChannelImplBuilder(str, channelCredentials, callCredentials, new m(this), new l(this));
        this.sslSocketFactory = sSLSocketFactory;
        this.negotiationType = sSLSocketFactory == null ? k.PLAINTEXT : kVar;
        this.freezeSecurityConfiguration = true;
    }

    public static KeyManager[] createKeyManager(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            X509Certificate[] x509Certificates = CertificateUtils.getX509Certificates(byteArrayInputStream);
            GrpcUtil.closeQuietly(byteArrayInputStream);
            byteArrayInputStream = new ByteArrayInputStream(bArr2);
            try {
                try {
                    PrivateKey privateKey = CertificateUtils.getPrivateKey(byteArrayInputStream);
                    GrpcUtil.closeQuietly(byteArrayInputStream);
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    try {
                        keyStore.load(null, null);
                        keyStore.setKeyEntry("key", privateKey, new char[0], x509Certificates);
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                        keyManagerFactory.init(keyStore, new char[0]);
                        return keyManagerFactory.getKeyManagers();
                    } catch (IOException e) {
                        throw new GeneralSecurityException(e);
                    }
                } catch (IOException e6) {
                    throw new GeneralSecurityException("Unable to decode private key", e6);
                }
            } finally {
            }
        } finally {
        }
    }

    public static TrustManager[] createTrustManager(byte[] bArr) throws GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try {
            keyStore.load(null, null);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                X509Certificate[] x509Certificates = CertificateUtils.getX509Certificates(byteArrayInputStream);
                GrpcUtil.closeQuietly(byteArrayInputStream);
                for (X509Certificate x509Certificate : x509Certificates) {
                    keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate);
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                return trustManagerFactory.getTrustManagers();
            } catch (Throwable th) {
                GrpcUtil.closeQuietly(byteArrayInputStream);
                throw th;
            }
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }

    public static OkHttpChannelBuilder forAddress(String str, int i6) {
        return new OkHttpChannelBuilder(str, i6);
    }

    public static OkHttpChannelBuilder forAddress(String str, int i6, ChannelCredentials channelCredentials) {
        return forTarget(GrpcUtil.authorityFromHostAndPort(str, i6), channelCredentials);
    }

    public static OkHttpChannelBuilder forTarget(String str) {
        return new OkHttpChannelBuilder(str);
    }

    public static OkHttpChannelBuilder forTarget(String str, ChannelCredentials channelCredentials) {
        p sslSocketFactoryFrom = sslSocketFactoryFrom(channelCredentials);
        if (sslSocketFactoryFrom.f20960c == null) {
            return new OkHttpChannelBuilder(str, channelCredentials, sslSocketFactoryFrom.b, sslSocketFactoryFrom.f20959a);
        }
        throw new IllegalArgumentException(sslSocketFactoryFrom.f20960c);
    }

    public static p sslSocketFactoryFrom(ChannelCredentials channelCredentials) {
        KeyManager[] keyManagerArr;
        TrustManager[] createTrustManager;
        if (!(channelCredentials instanceof TlsChannelCredentials)) {
            if (channelCredentials instanceof InsecureChannelCredentials) {
                return new p(null, null, null);
            }
            if (channelCredentials instanceof CompositeChannelCredentials) {
                CompositeChannelCredentials compositeChannelCredentials = (CompositeChannelCredentials) channelCredentials;
                p sslSocketFactoryFrom = sslSocketFactoryFrom(compositeChannelCredentials.getChannelCredentials());
                CallCredentials callCredentials = compositeChannelCredentials.getCallCredentials();
                sslSocketFactoryFrom.getClass();
                Preconditions.checkNotNull(callCredentials, "callCreds");
                if (sslSocketFactoryFrom.f20960c != null) {
                    return sslSocketFactoryFrom;
                }
                CallCredentials callCredentials2 = sslSocketFactoryFrom.b;
                if (callCredentials2 != null) {
                    callCredentials = new CompositeCallCredentials(callCredentials2, callCredentials);
                }
                return new p(sslSocketFactoryFrom.f20959a, callCredentials, null);
            }
            if (channelCredentials instanceof a1) {
                return new p((SSLSocketFactory) Preconditions.checkNotNull(((a1) channelCredentials).f20836a, "factory"), null, null);
            }
            if (!(channelCredentials instanceof ChoiceChannelCredentials)) {
                return p.a("Unsupported credential type: ".concat(channelCredentials.getClass().getName()));
            }
            StringBuilder sb = new StringBuilder();
            Iterator<ChannelCredentials> it = ((ChoiceChannelCredentials) channelCredentials).getCredentialsList().iterator();
            while (it.hasNext()) {
                p sslSocketFactoryFrom2 = sslSocketFactoryFrom(it.next());
                if (sslSocketFactoryFrom2.f20960c == null) {
                    return sslSocketFactoryFrom2;
                }
                sb.append(", ");
                sb.append(sslSocketFactoryFrom2.f20960c);
            }
            return p.a(sb.substring(2));
        }
        TlsChannelCredentials tlsChannelCredentials = (TlsChannelCredentials) channelCredentials;
        Set<TlsChannelCredentials.Feature> incomprehensible = tlsChannelCredentials.incomprehensible(understoodTlsFeatures);
        if (!incomprehensible.isEmpty()) {
            return p.a("TLS features not understood: " + incomprehensible);
        }
        if (tlsChannelCredentials.getKeyManagers() != null) {
            keyManagerArr = (KeyManager[]) tlsChannelCredentials.getKeyManagers().toArray(new KeyManager[0]);
        } else if (tlsChannelCredentials.getPrivateKey() == null) {
            keyManagerArr = null;
        } else {
            if (tlsChannelCredentials.getPrivateKeyPassword() != null) {
                return p.a("byte[]-based private key with password unsupported. Use unencrypted file or KeyManager");
            }
            try {
                keyManagerArr = createKeyManager(tlsChannelCredentials.getCertificateChain(), tlsChannelCredentials.getPrivateKey());
            } catch (GeneralSecurityException e) {
                log.log(Level.FINE, "Exception loading private key from credential", (Throwable) e);
                return p.a("Unable to load private key: " + e.getMessage());
            }
        }
        if (tlsChannelCredentials.getTrustManagers() != null) {
            createTrustManager = (TrustManager[]) tlsChannelCredentials.getTrustManagers().toArray(new TrustManager[0]);
        } else if (tlsChannelCredentials.getRootCertificates() != null) {
            try {
                createTrustManager = createTrustManager(tlsChannelCredentials.getRootCertificates());
            } catch (GeneralSecurityException e6) {
                log.log(Level.FINE, "Exception loading root certificates from credential", (Throwable) e6);
                return p.a("Unable to load root certificates: " + e6.getMessage());
            }
        } else {
            createTrustManager = null;
        }
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS", Platform.get().getProvider());
            sSLContext.init(keyManagerArr, createTrustManager, null);
            return new p((SSLSocketFactory) Preconditions.checkNotNull(sSLContext.getSocketFactory(), "factory"), null, null);
        } catch (GeneralSecurityException e7) {
            throw new RuntimeException("TLS Provider failure", e7);
        }
    }

    public o buildTransportFactory() {
        return new o(this.transportExecutorPool, this.scheduledExecutorServicePool, this.socketFactory, createSslSocketFactory(), this.hostnameVerifier, this.connectionSpec, this.maxInboundMessageSize, this.keepAliveTimeNanos != Long.MAX_VALUE, this.keepAliveTimeNanos, this.keepAliveTimeoutNanos, this.flowControlWindow, this.keepAliveWithoutCalls, this.maxInboundMetadataSize, this.transportTracerFactory, false);
    }

    public OkHttpChannelBuilder connectionSpec(com.squareup.okhttp.ConnectionSpec connectionSpec) {
        Preconditions.checkState(!this.freezeSecurityConfiguration, "Cannot change security when using ChannelCredentials");
        Preconditions.checkArgument(connectionSpec.isTls(), "plaintext ConnectionSpec is not accepted");
        this.connectionSpec = d1.b(connectionSpec);
        return this;
    }

    @VisibleForTesting
    @Nullable
    public SSLSocketFactory createSslSocketFactory() {
        int ordinal = this.negotiationType.ordinal();
        if (ordinal != 0) {
            if (ordinal == 1) {
                return null;
            }
            throw new RuntimeException("Unknown negotiation type: " + this.negotiationType);
        }
        try {
            if (this.sslSocketFactory == null) {
                this.sslSocketFactory = SSLContext.getInstance(Profile.DEFAULT_PROFILE_NAME, Platform.get().getProvider()).getSocketFactory();
            }
            return this.sslSocketFactory;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("TLS Provider failure", e);
        }
    }

    @Override // io.grpc.internal.AbstractManagedChannelImplBuilder
    @Internal
    public ManagedChannelBuilder<?> delegate() {
        return this.managedChannelImplBuilder;
    }

    public OkHttpChannelBuilder disableCheckAuthority() {
        this.managedChannelImplBuilder.disableCheckAuthority();
        return this;
    }

    public OkHttpChannelBuilder enableCheckAuthority() {
        this.managedChannelImplBuilder.enableCheckAuthority();
        return this;
    }

    public OkHttpChannelBuilder flowControlWindow(int i6) {
        Preconditions.checkState(i6 > 0, "flowControlWindow must be positive");
        this.flowControlWindow = i6;
        return this;
    }

    public int getDefaultPort() {
        int ordinal = this.negotiationType.ordinal();
        if (ordinal == 0) {
            return 443;
        }
        if (ordinal == 1) {
            return 80;
        }
        throw new AssertionError(this.negotiationType + " not handled");
    }

    public OkHttpChannelBuilder hostnameVerifier(@Nullable HostnameVerifier hostnameVerifier) {
        Preconditions.checkState(!this.freezeSecurityConfiguration, "Cannot change security when using ChannelCredentials");
        this.hostnameVerifier = hostnameVerifier;
        return this;
    }

    @Override // io.grpc.internal.AbstractManagedChannelImplBuilder, io.grpc.ManagedChannelBuilder
    public OkHttpChannelBuilder keepAliveTime(long j6, TimeUnit timeUnit) {
        Preconditions.checkArgument(j6 > 0, "keepalive time must be positive");
        long nanos = timeUnit.toNanos(j6);
        this.keepAliveTimeNanos = nanos;
        long clampKeepAliveTimeInNanos = KeepAliveManager.clampKeepAliveTimeInNanos(nanos);
        this.keepAliveTimeNanos = clampKeepAliveTimeInNanos;
        if (clampKeepAliveTimeInNanos >= AS_LARGE_AS_INFINITE) {
            this.keepAliveTimeNanos = Long.MAX_VALUE;
        }
        return this;
    }

    @Override // io.grpc.internal.AbstractManagedChannelImplBuilder, io.grpc.ManagedChannelBuilder
    public OkHttpChannelBuilder keepAliveTimeout(long j6, TimeUnit timeUnit) {
        Preconditions.checkArgument(j6 > 0, "keepalive timeout must be positive");
        long nanos = timeUnit.toNanos(j6);
        this.keepAliveTimeoutNanos = nanos;
        this.keepAliveTimeoutNanos = KeepAliveManager.clampKeepAliveTimeoutInNanos(nanos);
        return this;
    }

    @Override // io.grpc.internal.AbstractManagedChannelImplBuilder, io.grpc.ManagedChannelBuilder
    public OkHttpChannelBuilder keepAliveWithoutCalls(boolean z5) {
        this.keepAliveWithoutCalls = z5;
        return this;
    }

    @Override // io.grpc.internal.AbstractManagedChannelImplBuilder, io.grpc.ManagedChannelBuilder
    public OkHttpChannelBuilder maxInboundMessageSize(int i6) {
        Preconditions.checkArgument(i6 >= 0, "negative max");
        this.maxInboundMessageSize = i6;
        return this;
    }

    @Override // io.grpc.internal.AbstractManagedChannelImplBuilder, io.grpc.ManagedChannelBuilder
    public OkHttpChannelBuilder maxInboundMetadataSize(int i6) {
        Preconditions.checkArgument(i6 > 0, "maxInboundMetadataSize must be > 0");
        this.maxInboundMetadataSize = i6;
        return this;
    }

    @Deprecated
    public OkHttpChannelBuilder negotiationType(NegotiationType negotiationType) {
        Preconditions.checkState(!this.freezeSecurityConfiguration, "Cannot change security when using ChannelCredentials");
        Preconditions.checkNotNull(negotiationType, "type");
        int i6 = j.f20917a[negotiationType.ordinal()];
        if (i6 == 1) {
            this.negotiationType = k.TLS;
        } else {
            if (i6 != 2) {
                throw new AssertionError("Unknown negotiation type: " + negotiationType);
            }
            this.negotiationType = k.PLAINTEXT;
        }
        return this;
    }

    public OkHttpChannelBuilder scheduledExecutorService(ScheduledExecutorService scheduledExecutorService) {
        this.scheduledExecutorServicePool = new FixedObjectPool((ScheduledExecutorService) Preconditions.checkNotNull(scheduledExecutorService, "scheduledExecutorService"));
        return this;
    }

    public void setStatsEnabled(boolean z5) {
        this.managedChannelImplBuilder.setStatsEnabled(z5);
    }

    @VisibleForTesting
    public OkHttpChannelBuilder setTransportTracerFactory(TransportTracer.Factory factory) {
        this.transportTracerFactory = factory;
        return this;
    }

    public OkHttpChannelBuilder socketFactory(@Nullable SocketFactory socketFactory) {
        this.socketFactory = socketFactory;
        return this;
    }

    public OkHttpChannelBuilder sslSocketFactory(SSLSocketFactory sSLSocketFactory) {
        Preconditions.checkState(!this.freezeSecurityConfiguration, "Cannot change security when using ChannelCredentials");
        this.sslSocketFactory = sSLSocketFactory;
        this.negotiationType = k.TLS;
        return this;
    }

    public OkHttpChannelBuilder tlsConnectionSpec(String[] strArr, String[] strArr2) {
        Preconditions.checkState(!this.freezeSecurityConfiguration, "Cannot change security when using ChannelCredentials");
        Preconditions.checkNotNull(strArr, "tls versions must not null");
        Preconditions.checkNotNull(strArr2, "ciphers must not null");
        this.connectionSpec = new ConnectionSpec.Builder(true).supportsTlsExtensions(true).tlsVersions(strArr).cipherSuites(strArr2).build();
        return this;
    }

    public OkHttpChannelBuilder transportExecutor(@Nullable Executor executor) {
        if (executor == null) {
            this.transportExecutorPool = DEFAULT_TRANSPORT_EXECUTOR_POOL;
        } else {
            this.transportExecutorPool = new FixedObjectPool(executor);
        }
        return this;
    }

    @Override // io.grpc.internal.AbstractManagedChannelImplBuilder, io.grpc.ManagedChannelBuilder
    public OkHttpChannelBuilder usePlaintext() {
        Preconditions.checkState(!this.freezeSecurityConfiguration, "Cannot change security when using ChannelCredentials");
        this.negotiationType = k.PLAINTEXT;
        return this;
    }

    @Override // io.grpc.internal.AbstractManagedChannelImplBuilder, io.grpc.ManagedChannelBuilder
    public OkHttpChannelBuilder useTransportSecurity() {
        Preconditions.checkState(!this.freezeSecurityConfiguration, "Cannot change security when using ChannelCredentials");
        this.negotiationType = k.TLS;
        return this;
    }
}
