package org.eclipse.jetty.util.ssl;

import h10.e;
import h10.f;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.net.imap.IMAPSClient;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.CertificateUtils;

/* loaded from: classes4.dex */
public class SslContextFactory extends AbstractLifeCycle implements d10.b {

    /* renamed from: h0, reason: collision with root package name */
    public static final TrustManager[] f49460h0 = {new a()};

    /* renamed from: i0, reason: collision with root package name */
    public static final e10.b f49461i0;

    /* renamed from: j0, reason: collision with root package name */
    public static final e10.b f49462j0;

    /* renamed from: k0, reason: collision with root package name */
    public static final String f49463k0;

    /* renamed from: l0, reason: collision with root package name */
    public static final String f49464l0;

    /* renamed from: m0, reason: collision with root package name */
    public static final String[] f49465m0;

    /* renamed from: n0, reason: collision with root package name */
    public static final String[] f49466n0;
    public Resource A;
    public String B;
    public String C;
    public boolean D;
    public boolean E;
    public g10.c F;
    public g10.c G;
    public g10.c H;
    public String I;
    public String J;
    public String K;
    public String L;
    public String M;
    public boolean N;
    public boolean O;
    public int P;
    public String Q;
    public boolean R;
    public boolean S;
    public String T;
    public KeyStore U;
    public KeyStore V;
    public boolean W;
    public int X;
    public int Y;
    public SSLContext Z;

    /* renamed from: a0, reason: collision with root package name */
    public String f49467a0;

    /* renamed from: b0, reason: collision with root package name */
    public boolean f49468b0;

    /* renamed from: c0, reason: collision with root package name */
    public boolean f49469c0;

    /* renamed from: d0, reason: collision with root package name */
    public int f49470d0;

    /* renamed from: e0, reason: collision with root package name */
    public c f49471e0;

    /* renamed from: f0, reason: collision with root package name */
    public PKIXCertPathChecker f49472f0;

    /* renamed from: g0, reason: collision with root package name */
    public HostnameVerifier f49473g0;

    /* renamed from: l, reason: collision with root package name */
    public final Set<String> f49474l;

    /* renamed from: m, reason: collision with root package name */
    public final Set<String> f49475m;

    /* renamed from: n, reason: collision with root package name */
    public final Set<String> f49476n;

    /* renamed from: o, reason: collision with root package name */
    public final List<String> f49477o;

    /* renamed from: p, reason: collision with root package name */
    public final Map<String, f> f49478p;

    /* renamed from: q, reason: collision with root package name */
    public final Map<String, f> f49479q;

    /* renamed from: r, reason: collision with root package name */
    public final Map<String, f> f49480r;

    /* renamed from: s, reason: collision with root package name */
    public String[] f49481s;

    /* renamed from: t, reason: collision with root package name */
    public boolean f49482t;

    /* renamed from: u, reason: collision with root package name */
    public Comparator<String> f49483u;

    /* renamed from: v, reason: collision with root package name */
    public String[] f49484v;

    /* renamed from: w, reason: collision with root package name */
    public Resource f49485w;

    /* renamed from: x, reason: collision with root package name */
    public String f49486x;

    /* renamed from: y, reason: collision with root package name */
    public String f49487y;

    /* renamed from: z, reason: collision with root package name */
    public String f49488z;

    /* loaded from: classes4.dex */
    public static class Client extends SslContextFactory {
        public Client() {
            this(false);
        }

        public Client(boolean z11) {
            super(z11);
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public void d2() {
            m2();
            e2();
            super.d2();
        }
    }

    /* loaded from: classes4.dex */
    public static class Server extends SslContextFactory {
        public Server() {
            J3(null);
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public boolean a3() {
            return super.a3();
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public boolean q3() {
            return super.q3();
        }
    }

    /* loaded from: classes4.dex */
    public class a implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* loaded from: classes4.dex */
    public class b extends SNIMatcher {

        /* renamed from: a, reason: collision with root package name */
        public String f49489a;

        /* renamed from: b, reason: collision with root package name */
        public f f49490b;

        public b() {
            super(0);
        }

        public String a() {
            return this.f49489a;
        }

        public f b() {
            return this.f49490b;
        }

        @Override // javax.net.ssl.SNIMatcher
        public boolean matches(SNIServerName sNIServerName) {
            int indexOf;
            if (SslContextFactory.f49461i0.isDebugEnabled()) {
                SslContextFactory.f49461i0.b("SNI matching for {}", sNIServerName);
            }
            if (sNIServerName instanceof SNIHostName) {
                String asciiName = ((SNIHostName) sNIServerName).getAsciiName();
                this.f49489a = asciiName;
                String b11 = StringUtil.b(asciiName);
                f fVar = (f) SslContextFactory.this.f49479q.get(b11);
                this.f49490b = fVar;
                if (fVar == null) {
                    f fVar2 = (f) SslContextFactory.this.f49480r.get(b11);
                    this.f49490b = fVar2;
                    if (fVar2 == null && (indexOf = b11.indexOf(46)) >= 0) {
                        this.f49490b = (f) SslContextFactory.this.f49480r.get(b11.substring(indexOf + 1));
                    }
                }
                if (SslContextFactory.f49461i0.isDebugEnabled()) {
                    SslContextFactory.f49461i0.b("SNI matched {}->{}", b11, this.f49490b);
                }
            } else if (SslContextFactory.f49461i0.isDebugEnabled()) {
                SslContextFactory.f49461i0.b("SNI no match for {}", sNIServerName);
            }
            return true;
        }
    }

    /* loaded from: classes4.dex */
    public class c {

        /* renamed from: a, reason: collision with root package name */
        public final KeyStore f49492a;

        /* renamed from: b, reason: collision with root package name */
        public final KeyStore f49493b;

        /* renamed from: c, reason: collision with root package name */
        public final SSLContext f49494c;

        public c(KeyStore keyStore, KeyStore keyStore2, SSLContext sSLContext) {
            this.f49492a = keyStore;
            this.f49493b = keyStore2;
            this.f49494c = sSLContext;
        }
    }

    static {
        e10.b a11 = Log.a(SslContextFactory.class);
        f49461i0 = a11;
        f49462j0 = a11.c("config");
        f49463k0 = KeyManagerFactory.getDefaultAlgorithm();
        f49464l0 = TrustManagerFactory.getDefaultAlgorithm();
        f49465m0 = new String[]{"SSL", "SSLv2", "SSLv2Hello", "SSLv3"};
        f49466n0 = new String[]{"^.*_(MD5|SHA|SHA1)$", "^TLS_RSA_.*$", "^SSL_.*$", "^.*_NULL_.*$", "^.*_anon_.*$"};
    }

    @Deprecated
    public SslContextFactory() {
        this(false);
    }

    @Deprecated
    public SslContextFactory(boolean z11) {
        this(z11, null);
    }

    public SslContextFactory(boolean z11, String str) {
        this.f49474l = new LinkedHashSet();
        this.f49475m = new LinkedHashSet();
        this.f49476n = new LinkedHashSet();
        this.f49477o = new ArrayList();
        this.f49478p = new HashMap();
        this.f49479q = new HashMap();
        this.f49480r = new HashMap();
        this.f49482t = true;
        this.f49487y = "JKS";
        this.D = false;
        this.E = false;
        this.J = IMAPSClient.DEFAULT_PROTOCOL;
        this.L = f49463k0;
        this.M = f49464l0;
        this.P = -1;
        this.R = false;
        this.S = false;
        this.W = true;
        this.X = -1;
        this.Y = -1;
        this.f49467a0 = "HTTPS";
        this.f49469c0 = true;
        this.f49470d0 = 5;
        N3(z11);
        L3(f49465m0);
        K3(f49466n0);
        if (str != null) {
            M3(str);
        }
    }

    public Collection<? extends CRL> A3(String str) throws Exception {
        return CertificateUtils.b(str);
    }

    public String B2() {
        return this.Q;
    }

    public KeyStore B3(Resource resource) throws Exception {
        return CertificateUtils.a(resource, Y2(), X2(), Objects.toString(this.F, null));
    }

    public String C2() {
        return this.f49467a0;
    }

    public KeyStore C3(Resource resource) throws Exception {
        String objects = Objects.toString(p3(), Y2());
        String objects2 = Objects.toString(o3(), X2());
        g10.c cVar = this.H;
        if (resource == null || resource.equals(this.f49485w)) {
            resource = this.f49485w;
            if (cVar == null) {
                cVar = this.F;
            }
        }
        return CertificateUtils.a(resource, objects, objects2, Objects.toString(cVar, null));
    }

    public PKIXBuilderParameters D3(KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pKIXBuilderParameters.setMaxPathLength(this.P);
        pKIXBuilderParameters.setRevocationEnabled(true);
        PKIXCertPathChecker pKIXCertPathChecker = this.f49472f0;
        if (pKIXCertPathChecker != null) {
            pKIXBuilderParameters.addCertPathChecker(pKIXCertPathChecker);
        }
        if (collection != null && !collection.isEmpty()) {
            pKIXBuilderParameters.addCertStore(w2(collection));
        }
        if (this.R) {
            System.setProperty("com.sun.security.enableCRLDP", "true");
        }
        if (this.S) {
            Security.setProperty("ocsp.enable", "true");
            String str = this.T;
            if (str != null) {
                Security.setProperty("ocsp.responderURL", str);
            }
        }
        return pKIXBuilderParameters;
    }

    public String[] E2() {
        return (String[]) this.f49476n.toArray(new String[0]);
    }

    public SSLEngine E3(String str, int i11) {
        f2();
        SSLContext i32 = i3();
        SSLEngine createSSLEngine = u3() ? i32.createSSLEngine(str, i11) : i32.createSSLEngine();
        o2(createSSLEngine);
        return createSSLEngine;
    }

    public void F3(String[] strArr, List<String> list) {
        for (String str : this.f49477o) {
            Pattern compile = Pattern.compile(str);
            boolean z11 = false;
            for (String str2 : strArr) {
                if (compile.matcher(str2).matches()) {
                    list.add(str2);
                    z11 = true;
                }
            }
            if (!z11) {
                f49461i0.g("No Cipher matching '{}' is supported", str);
            }
        }
    }

    public String[] G2() {
        return (String[]) this.f49474l.toArray(new String[0]);
    }

    public void G3(List<String> list) {
        Iterator<String> it = this.f49476n.iterator();
        while (it.hasNext()) {
            Pattern compile = Pattern.compile(it.next());
            Iterator<String> it2 = list.iterator();
            while (it2.hasNext()) {
                if (compile.matcher(it2.next()).matches()) {
                    it2.remove();
                }
            }
        }
    }

    public void H3(String[] strArr, String[] strArr2) {
        ArrayList arrayList = new ArrayList();
        if (this.f49477o.isEmpty()) {
            arrayList.addAll(Arrays.asList(strArr));
        } else {
            F3(strArr2, arrayList);
        }
        G3(arrayList);
        if (arrayList.isEmpty()) {
            f49461i0.a("No supported ciphers from {}", Arrays.asList(strArr2));
        }
        Comparator<String> y22 = y2();
        if (y22 != null) {
            e10.b bVar = f49461i0;
            if (bVar.isDebugEnabled()) {
                bVar.b("Sorting selected ciphers with {}", y22);
            }
            arrayList.sort(y22);
        }
        this.f49484v = (String[]) arrayList.toArray(new String[0]);
    }

    public void I3(String[] strArr, String[] strArr2) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (this.f49475m.isEmpty()) {
            linkedHashSet.addAll(Arrays.asList(strArr));
        } else {
            for (String str : this.f49475m) {
                if (Arrays.asList(strArr2).contains(str)) {
                    linkedHashSet.add(str);
                } else {
                    f49461i0.g("Protocol {} not supported in {}", str, Arrays.asList(strArr2));
                }
            }
        }
        linkedHashSet.removeAll(this.f49474l);
        if (linkedHashSet.isEmpty()) {
            f49461i0.a("No selected protocols from {}", Arrays.asList(strArr2));
        }
        this.f49481s = (String[]) linkedHashSet.toArray(new String[0]);
    }

    public void J3(String str) {
        this.f49467a0 = str;
    }

    public HostnameVerifier K2() {
        return this.f49473g0;
    }

    public void K3(String... strArr) {
        this.f49476n.clear();
        this.f49476n.addAll(Arrays.asList(strArr));
    }

    public void L3(String... strArr) {
        this.f49474l.clear();
        this.f49474l.addAll(Arrays.asList(strArr));
    }

    public String[] M2() {
        return (String[]) this.f49477o.toArray(new String[0]);
    }

    public void M3(String str) {
        try {
            this.f49485w = Resource.g(str);
        } catch (Exception e11) {
            throw new IllegalArgumentException(e11);
        }
    }

    public String[] N2() {
        return (String[]) this.f49475m.toArray(new String[0]);
    }

    public void N3(boolean z11) {
        this.f49468b0 = z11;
        if (z11) {
            J3(null);
        }
    }

    public final void O3() {
        this.f49471e0 = null;
        this.f49481s = null;
        this.f49484v = null;
        this.f49478p.clear();
        this.f49479q.clear();
        this.f49480r.clear();
    }

    public String S2() {
        return this.L;
    }

    public KeyManagerFactory V2() throws NoSuchAlgorithmException {
        String S2 = S2();
        String d32 = d3();
        if (d32 != null) {
            try {
                return KeyManagerFactory.getInstance(S2, d32);
            } catch (Throwable th2) {
                f49461i0.g("Unable to get KeyManagerFactory instance for algorithm [{}] on provider [{}], using default", S2, d32);
                if (f49461i0.isDebugEnabled()) {
                    f49461i0.h(th2);
                }
            }
        }
        return KeyManagerFactory.getInstance(S2);
    }

    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public void W0() throws Exception {
        super.W0();
        synchronized (this) {
            z3();
        }
        d2();
    }

    public KeyManager[] W2(KeyStore keyStore) throws Exception {
        KeyManager[] keyManagerArr = null;
        if (keyStore != null) {
            KeyManagerFactory V2 = V2();
            g10.c cVar = this.G;
            V2.init(keyStore, (cVar == null && (cVar = this.F) == null) ? null : cVar.toString().toCharArray());
            keyManagerArr = V2.getKeyManagers();
            if (keyManagerArr != null) {
                String v22 = v2();
                if (v22 != null) {
                    for (int i11 = 0; i11 < keyManagerArr.length; i11++) {
                        if (keyManagerArr[i11] instanceof X509ExtendedKeyManager) {
                            keyManagerArr[i11] = new h10.a((X509ExtendedKeyManager) keyManagerArr[i11], v22);
                        }
                    }
                }
                if (!this.f49480r.isEmpty() || this.f49479q.size() > 1 || (this.f49479q.size() == 1 && this.f49478p.size() > 1)) {
                    for (int i12 = 0; i12 < keyManagerArr.length; i12++) {
                        if (keyManagerArr[i12] instanceof X509ExtendedKeyManager) {
                            keyManagerArr[i12] = new org.eclipse.jetty.util.ssl.a((X509ExtendedKeyManager) keyManagerArr[i12]);
                        }
                    }
                }
            }
        }
        e10.b bVar = f49461i0;
        if (bVar.isDebugEnabled()) {
            bVar.b("managers={} for {}", keyManagerArr, this);
        }
        return keyManagerArr;
    }

    public String X2() {
        return this.f49486x;
    }

    public String Y2() {
        return this.f49487y;
    }

    public int Z2() {
        return this.P;
    }

    public void a2(SSLParameters sSLParameters) {
        for (String str : sSLParameters.getCipherSuites()) {
            for (String str2 : f49466n0) {
                if (str.matches(str2)) {
                    f49462j0.a("Weak cipher suite {} enabled for {}", str, this);
                }
            }
        }
    }

    @Deprecated
    public boolean a3() {
        return this.D;
    }

    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public void b1() throws Exception {
        synchronized (this) {
            O3();
        }
        super.b1();
    }

    public String b3() {
        return this.T;
    }

    public String c3() {
        return this.J;
    }

    public void d2() {
        SSLEngine createSSLEngine = this.f49471e0.f49494c.createSSLEngine();
        o2(createSSLEngine);
        SSLParameters sSLParameters = createSSLEngine.getSSLParameters();
        g2(sSLParameters);
        a2(sSLParameters);
    }

    public String d3() {
        return this.I;
    }

    public void e2() {
        if (C2() == null) {
            f49462j0.a("No Client EndPointIdentificationAlgorithm configured for {}", this);
        }
    }

    public int e3() {
        return this.f49470d0;
    }

    public final void f2() {
        if (d()) {
            return;
        }
        throw new IllegalStateException("!STARTED: " + this);
    }

    public SSLContext f3() throws NoSuchAlgorithmException {
        String c32 = c3();
        String d32 = d3();
        if (d32 != null) {
            try {
                return SSLContext.getInstance(c32, d32);
            } catch (Throwable th2) {
                f49461i0.g("Unable to get SSLContext instance for protocol [{}] on provider [{}], using default", c32, d32);
                if (f49461i0.isDebugEnabled()) {
                    f49461i0.h(th2);
                }
            }
        }
        return SSLContext.getInstance(c32);
    }

    public void g2(SSLParameters sSLParameters) {
        for (String str : sSLParameters.getProtocols()) {
            for (String str2 : f49465m0) {
                if (str2.equals(str)) {
                    f49462j0.a("Protocol {} not excluded for {}", str, this);
                }
            }
        }
    }

    public String g3() {
        return this.K;
    }

    public SecureRandom h3() throws NoSuchAlgorithmException {
        String g32 = g3();
        if (g32 == null) {
            return null;
        }
        String d32 = d3();
        if (d32 != null) {
            try {
                return SecureRandom.getInstance(g32, d32);
            } catch (Throwable th2) {
                f49461i0.g("Unable to get SecureRandom instance for algorithm [{}] on provider [{}], using default", g32, d32);
                if (f49461i0.isDebugEnabled()) {
                    f49461i0.h(th2);
                }
            }
        }
        return SecureRandom.getInstance(g32);
    }

    public SSLContext i3() {
        SSLContext sSLContext;
        if (!d()) {
            return this.Z;
        }
        synchronized (this) {
            sSLContext = this.f49471e0.f49494c;
        }
        return sSLContext;
    }

    public int j3() {
        return this.X;
    }

    public int k3() {
        return this.Y;
    }

    public String l3() {
        return this.M;
    }

    public void m2() {
        if (v3()) {
            f49462j0.a("Trusting all certificates configured for {}", this);
        }
    }

    public TrustManagerFactory m3() throws NoSuchAlgorithmException {
        String l32 = l3();
        String d32 = d3();
        if (d32 != null) {
            try {
                return TrustManagerFactory.getInstance(l32, d32);
            } catch (Throwable th2) {
                f49461i0.g("Unable to get TrustManagerFactory instance for algorithm [{}] on provider [{}], using default", l32, d32);
                if (f49461i0.isDebugEnabled()) {
                    f49461i0.h(th2);
                }
            }
        }
        return TrustManagerFactory.getInstance(l32);
    }

    public SSLParameters n2(SSLParameters sSLParameters) {
        sSLParameters.setEndpointIdentificationAlgorithm(C2());
        sSLParameters.setUseCipherSuitesOrder(w3());
        if (!this.f49479q.isEmpty() || !this.f49480r.isEmpty()) {
            sSLParameters.setSNIMatchers(Collections.singletonList(new b()));
        }
        String[] strArr = this.f49484v;
        if (strArr != null) {
            sSLParameters.setCipherSuites(strArr);
        }
        String[] strArr2 = this.f49481s;
        if (strArr2 != null) {
            sSLParameters.setProtocols(strArr2);
        }
        if (!(this instanceof Client)) {
            if (q3()) {
                sSLParameters.setWantClientAuth(true);
            }
            if (a3()) {
                sSLParameters.setNeedClientAuth(true);
            }
        }
        return sSLParameters;
    }

    public TrustManager[] n3(KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
        if (keyStore == null) {
            return null;
        }
        if (!y3() || !"PKIX".equalsIgnoreCase(l3())) {
            TrustManagerFactory m32 = m3();
            m32.init(keyStore);
            return m32.getTrustManagers();
        }
        PKIXBuilderParameters D3 = D3(keyStore, collection);
        TrustManagerFactory m33 = m3();
        m33.init(new CertPathTrustManagerParameters(D3));
        return m33.getTrustManagers();
    }

    public void o2(SSLEngine sSLEngine) {
        e10.b bVar = f49461i0;
        if (bVar.isDebugEnabled()) {
            bVar.b("Customize {}", sSLEngine);
        }
        sSLEngine.setSSLParameters(n2(sSLEngine.getSSLParameters()));
    }

    public String o3() {
        return this.B;
    }

    public String p3() {
        return this.C;
    }

    @Deprecated
    public boolean q3() {
        return this.E;
    }

    @Override // d10.b
    public void r1(Appendable appendable, String str) throws IOException {
        try {
            SSLEngine createSSLEngine = SSLContext.getDefault().createSSLEngine();
            d10.b.h(appendable, str, this, "trustAll=" + this.f49468b0, new e("Protocol", createSSLEngine.getSupportedProtocols(), createSSLEngine.getEnabledProtocols(), G2(), N2()), new e("Cipher Suite", createSSLEngine.getSupportedCipherSuites(), createSSLEngine.getEnabledCipherSuites(), E2(), M2()));
        } catch (NoSuchAlgorithmException e11) {
            f49461i0.i(e11);
        }
    }

    public boolean r3() {
        return this.R;
    }

    public boolean s3() {
        return this.S;
    }

    public boolean t3() {
        return this.f49469c0;
    }

    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public String toString() {
        return String.format("%s@%x[provider=%s,keyStore=%s,trustStore=%s]", getClass().getSimpleName(), Integer.valueOf(hashCode()), this.I, this.f49485w, this.A);
    }

    public boolean u3() {
        return this.W;
    }

    public String v2() {
        return this.f49488z;
    }

    public boolean v3() {
        return this.f49468b0;
    }

    public CertStore w2(Collection<? extends CRL> collection) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        String d32 = d3();
        if (d32 != null) {
            try {
                return CertStore.getInstance("Collection", new CollectionCertStoreParameters(collection), d32);
            } catch (Throwable th2) {
                e10.b bVar = f49461i0;
                bVar.g("Unable to get CertStore instance for type [{}] on provider [{}], using default", "Collection", d32);
                if (bVar.isDebugEnabled()) {
                    bVar.h(th2);
                }
            }
        }
        return CertStore.getInstance("Collection", new CollectionCertStoreParameters(collection));
    }

    public boolean w3() {
        return this.f49482t;
    }

    public boolean x3() {
        return this.N;
    }

    public Comparator<String> y2() {
        return this.f49483u;
    }

    public boolean y3() {
        return this.O;
    }

    public final void z3() throws Exception {
        SSLContext f32;
        TrustManager[] trustManagerArr;
        SSLContext sSLContext = this.Z;
        KeyStore keyStore = this.U;
        KeyStore keyStore2 = this.V;
        if (sSLContext == null) {
            if (keyStore == null && this.f49485w == null && keyStore2 == null && this.A == null) {
                if (v3()) {
                    e10.b bVar = f49461i0;
                    if (bVar.isDebugEnabled()) {
                        bVar.b("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!", new Object[0]);
                    }
                    trustManagerArr = f49460h0;
                } else {
                    trustManagerArr = null;
                }
                f32 = f3();
                f32.init(null, trustManagerArr, h3());
            } else {
                if (keyStore == null) {
                    keyStore = B3(this.f49485w);
                }
                if (keyStore2 == null) {
                    keyStore2 = C3(this.A);
                }
                Collection<? extends CRL> A3 = A3(B2());
                if (keyStore != null) {
                    Iterator it = Collections.list(keyStore.aliases()).iterator();
                    while (it.hasNext()) {
                        String str = (String) it.next();
                        Certificate certificate = keyStore.getCertificate(str);
                        if (certificate != null && "X.509".equals(certificate.getType())) {
                            X509Certificate x509Certificate = (X509Certificate) certificate;
                            if (f.e(x509Certificate)) {
                                e10.b bVar2 = f49461i0;
                                if (bVar2.isDebugEnabled()) {
                                    bVar2.b("Skipping " + x509Certificate, new Object[0]);
                                }
                            } else {
                                f fVar = new f(str, x509Certificate);
                                this.f49478p.put(str, fVar);
                                if (x3()) {
                                    g10.a aVar = new g10.a(keyStore2, A3);
                                    aVar.c(Z2());
                                    aVar.a(r3());
                                    aVar.b(s3());
                                    aVar.d(b3());
                                    aVar.e(keyStore, x509Certificate);
                                }
                                f49461i0.g("x509={} for {}", fVar, this);
                                Iterator<String> it2 = fVar.c().iterator();
                                while (it2.hasNext()) {
                                    this.f49479q.put(it2.next(), fVar);
                                }
                                Iterator<String> it3 = fVar.d().iterator();
                                while (it3.hasNext()) {
                                    this.f49480r.put(it3.next(), fVar);
                                }
                            }
                        }
                    }
                }
                KeyManager[] W2 = W2(keyStore);
                TrustManager[] n32 = n3(keyStore2, A3);
                f32 = f3();
                f32.init(W2, n32, h3());
            }
            sSLContext = f32;
        }
        SSLSessionContext serverSessionContext = sSLContext.getServerSessionContext();
        if (serverSessionContext != null) {
            if (j3() > -1) {
                serverSessionContext.setSessionCacheSize(j3());
            }
            if (k3() > -1) {
                serverSessionContext.setSessionTimeout(k3());
            }
        }
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        SSLParameters supportedSSLParameters = sSLContext.getSupportedSSLParameters();
        H3(defaultSSLParameters.getCipherSuites(), supportedSSLParameters.getCipherSuites());
        I3(defaultSSLParameters.getProtocols(), supportedSSLParameters.getProtocols());
        this.f49471e0 = new c(keyStore, keyStore2, sSLContext);
        e10.b bVar3 = f49461i0;
        if (bVar3.isDebugEnabled()) {
            bVar3.b("Selected Protocols {} of {}", Arrays.asList(this.f49481s), Arrays.asList(supportedSSLParameters.getProtocols()));
            bVar3.b("Selected Ciphers   {} of {}", Arrays.asList(this.f49484v), Arrays.asList(supportedSSLParameters.getCipherSuites()));
        }
    }
}
