package org.eclipse.jetty.util.ssl;

import d20.e;
import d20.f;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.net.imap.IMAPSClient;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.CertificateUtils;

/* loaded from: classes9.dex */
public class SslContextFactory extends AbstractLifeCycle implements z10.b {

    /* renamed from: h0, reason: collision with root package name */
    public static final TrustManager[] f51920h0 = {new a()};

    /* renamed from: i0, reason: collision with root package name */
    public static final a20.b f51921i0;

    /* renamed from: j0, reason: collision with root package name */
    public static final a20.b f51922j0;

    /* renamed from: k0, reason: collision with root package name */
    public static final String f51923k0;

    /* renamed from: l0, reason: collision with root package name */
    public static final String f51924l0;

    /* renamed from: m0, reason: collision with root package name */
    public static final String[] f51925m0;

    /* renamed from: n0, reason: collision with root package name */
    public static final String[] f51926n0;
    public Resource A;
    public String B;
    public String C;
    public boolean D;
    public boolean E;
    public c20.c F;
    public c20.c G;
    public c20.c H;
    public String I;
    public String J;
    public String K;
    public String L;
    public String M;
    public boolean N;
    public boolean O;
    public int P;
    public String Q;
    public boolean R;
    public boolean S;
    public String T;
    public KeyStore U;
    public KeyStore V;
    public boolean W;
    public int X;
    public int Y;
    public SSLContext Z;

    /* renamed from: a0, reason: collision with root package name */
    public String f51927a0;

    /* renamed from: b0, reason: collision with root package name */
    public boolean f51928b0;

    /* renamed from: c0, reason: collision with root package name */
    public boolean f51929c0;

    /* renamed from: d0, reason: collision with root package name */
    public int f51930d0;

    /* renamed from: e0, reason: collision with root package name */
    public c f51931e0;

    /* renamed from: f0, reason: collision with root package name */
    public PKIXCertPathChecker f51932f0;

    /* renamed from: g0, reason: collision with root package name */
    public HostnameVerifier f51933g0;

    /* renamed from: l, reason: collision with root package name */
    public final Set<String> f51934l;

    /* renamed from: m, reason: collision with root package name */
    public final Set<String> f51935m;

    /* renamed from: n, reason: collision with root package name */
    public final Set<String> f51936n;

    /* renamed from: o, reason: collision with root package name */
    public final List<String> f51937o;

    /* renamed from: p, reason: collision with root package name */
    public final Map<String, f> f51938p;

    /* renamed from: q, reason: collision with root package name */
    public final Map<String, f> f51939q;

    /* renamed from: r, reason: collision with root package name */
    public final Map<String, f> f51940r;

    /* renamed from: s, reason: collision with root package name */
    public String[] f51941s;

    /* renamed from: t, reason: collision with root package name */
    public boolean f51942t;

    /* renamed from: u, reason: collision with root package name */
    public Comparator<String> f51943u;

    /* renamed from: v, reason: collision with root package name */
    public String[] f51944v;

    /* renamed from: w, reason: collision with root package name */
    public Resource f51945w;

    /* renamed from: x, reason: collision with root package name */
    public String f51946x;

    /* renamed from: y, reason: collision with root package name */
    public String f51947y;

    /* renamed from: z, reason: collision with root package name */
    public String f51948z;

    /* loaded from: classes9.dex */
    public static class Client extends SslContextFactory {
        public Client() {
            this(false);
        }

        public Client(boolean z11) {
            super(z11);
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public void e2() {
            m2();
            h2();
            super.e2();
        }
    }

    /* loaded from: classes9.dex */
    public static class Server extends SslContextFactory {
        public Server() {
            L3(null);
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public boolean c3() {
            return super.c3();
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public boolean s3() {
            return super.s3();
        }
    }

    /* loaded from: classes9.dex */
    public class a implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* loaded from: classes9.dex */
    public class b extends SNIMatcher {

        /* renamed from: a, reason: collision with root package name */
        public String f51949a;

        /* renamed from: b, reason: collision with root package name */
        public f f51950b;

        public b() {
            super(0);
        }

        public String a() {
            return this.f51949a;
        }

        public f b() {
            return this.f51950b;
        }

        @Override // javax.net.ssl.SNIMatcher
        public boolean matches(SNIServerName sNIServerName) {
            int indexOf;
            if (SslContextFactory.f51921i0.isDebugEnabled()) {
                SslContextFactory.f51921i0.b("SNI matching for {}", sNIServerName);
            }
            if (sNIServerName instanceof SNIHostName) {
                String asciiName = ((SNIHostName) sNIServerName).getAsciiName();
                this.f51949a = asciiName;
                String b11 = StringUtil.b(asciiName);
                f fVar = (f) SslContextFactory.this.f51939q.get(b11);
                this.f51950b = fVar;
                if (fVar == null) {
                    f fVar2 = (f) SslContextFactory.this.f51940r.get(b11);
                    this.f51950b = fVar2;
                    if (fVar2 == null && (indexOf = b11.indexOf(46)) >= 0) {
                        this.f51950b = (f) SslContextFactory.this.f51940r.get(b11.substring(indexOf + 1));
                    }
                }
                if (SslContextFactory.f51921i0.isDebugEnabled()) {
                    SslContextFactory.f51921i0.b("SNI matched {}->{}", b11, this.f51950b);
                }
            } else if (SslContextFactory.f51921i0.isDebugEnabled()) {
                SslContextFactory.f51921i0.b("SNI no match for {}", sNIServerName);
            }
            return true;
        }
    }

    /* loaded from: classes9.dex */
    public class c {

        /* renamed from: a, reason: collision with root package name */
        public final KeyStore f51952a;

        /* renamed from: b, reason: collision with root package name */
        public final KeyStore f51953b;

        /* renamed from: c, reason: collision with root package name */
        public final SSLContext f51954c;

        public c(KeyStore keyStore, KeyStore keyStore2, SSLContext sSLContext) {
            this.f51952a = keyStore;
            this.f51953b = keyStore2;
            this.f51954c = sSLContext;
        }
    }

    static {
        a20.b a11 = Log.a(SslContextFactory.class);
        f51921i0 = a11;
        f51922j0 = a11.c("config");
        f51923k0 = KeyManagerFactory.getDefaultAlgorithm();
        f51924l0 = TrustManagerFactory.getDefaultAlgorithm();
        f51925m0 = new String[]{"SSL", "SSLv2", "SSLv2Hello", "SSLv3"};
        f51926n0 = new String[]{"^.*_(MD5|SHA|SHA1)$", "^TLS_RSA_.*$", "^SSL_.*$", "^.*_NULL_.*$", "^.*_anon_.*$"};
    }

    @Deprecated
    public SslContextFactory() {
        this(false);
    }

    @Deprecated
    public SslContextFactory(boolean z11) {
        this(z11, null);
    }

    public SslContextFactory(boolean z11, String str) {
        this.f51934l = new LinkedHashSet();
        this.f51935m = new LinkedHashSet();
        this.f51936n = new LinkedHashSet();
        this.f51937o = new ArrayList();
        this.f51938p = new HashMap();
        this.f51939q = new HashMap();
        this.f51940r = new HashMap();
        this.f51942t = true;
        this.f51947y = "JKS";
        this.D = false;
        this.E = false;
        this.J = IMAPSClient.DEFAULT_PROTOCOL;
        this.L = f51923k0;
        this.M = f51924l0;
        this.P = -1;
        this.R = false;
        this.S = false;
        this.W = true;
        this.X = -1;
        this.Y = -1;
        this.f51927a0 = "HTTPS";
        this.f51929c0 = true;
        this.f51930d0 = 5;
        P3(z11);
        N3(f51925m0);
        M3(f51926n0);
        if (str != null) {
            O3(str);
        }
    }

    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public void A1() throws Exception {
        synchronized (this) {
            Q3();
        }
        super.A1();
    }

    public boolean A3() {
        return this.O;
    }

    public final void B3() throws Exception {
        SSLContext h32;
        TrustManager[] trustManagerArr;
        SSLContext sSLContext = this.Z;
        KeyStore keyStore = this.U;
        KeyStore keyStore2 = this.V;
        if (sSLContext == null) {
            if (keyStore == null && this.f51945w == null && keyStore2 == null && this.A == null) {
                if (x3()) {
                    a20.b bVar = f51921i0;
                    if (bVar.isDebugEnabled()) {
                        bVar.b("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!", new Object[0]);
                    }
                    trustManagerArr = f51920h0;
                } else {
                    trustManagerArr = null;
                }
                h32 = h3();
                h32.init(null, trustManagerArr, j3());
            } else {
                if (keyStore == null) {
                    keyStore = D3(this.f51945w);
                }
                if (keyStore2 == null) {
                    keyStore2 = E3(this.A);
                }
                Collection<? extends CRL> C3 = C3(C2());
                if (keyStore != null) {
                    Iterator it = Collections.list(keyStore.aliases()).iterator();
                    while (it.hasNext()) {
                        String str = (String) it.next();
                        Certificate certificate = keyStore.getCertificate(str);
                        if (certificate != null && "X.509".equals(certificate.getType())) {
                            X509Certificate x509Certificate = (X509Certificate) certificate;
                            if (f.e(x509Certificate)) {
                                a20.b bVar2 = f51921i0;
                                if (bVar2.isDebugEnabled()) {
                                    bVar2.b("Skipping " + x509Certificate, new Object[0]);
                                }
                            } else {
                                f fVar = new f(str, x509Certificate);
                                this.f51938p.put(str, fVar);
                                if (z3()) {
                                    c20.a aVar = new c20.a(keyStore2, C3);
                                    aVar.c(b3());
                                    aVar.a(t3());
                                    aVar.b(u3());
                                    aVar.d(d3());
                                    aVar.e(keyStore, x509Certificate);
                                }
                                f51921i0.g("x509={} for {}", fVar, this);
                                Iterator<String> it2 = fVar.c().iterator();
                                while (it2.hasNext()) {
                                    this.f51939q.put(it2.next(), fVar);
                                }
                                Iterator<String> it3 = fVar.d().iterator();
                                while (it3.hasNext()) {
                                    this.f51940r.put(it3.next(), fVar);
                                }
                            }
                        }
                    }
                }
                KeyManager[] Y2 = Y2(keyStore);
                TrustManager[] p32 = p3(keyStore2, C3);
                h32 = h3();
                h32.init(Y2, p32, j3());
            }
            sSLContext = h32;
        }
        SSLSessionContext serverSessionContext = sSLContext.getServerSessionContext();
        if (serverSessionContext != null) {
            if (l3() > -1) {
                serverSessionContext.setSessionCacheSize(l3());
            }
            if (m3() > -1) {
                serverSessionContext.setSessionTimeout(m3());
            }
        }
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        SSLParameters supportedSSLParameters = sSLContext.getSupportedSSLParameters();
        J3(defaultSSLParameters.getCipherSuites(), supportedSSLParameters.getCipherSuites());
        K3(defaultSSLParameters.getProtocols(), supportedSSLParameters.getProtocols());
        this.f51931e0 = new c(keyStore, keyStore2, sSLContext);
        a20.b bVar3 = f51921i0;
        if (bVar3.isDebugEnabled()) {
            bVar3.b("Selected Protocols {} of {}", Arrays.asList(this.f51941s), Arrays.asList(supportedSSLParameters.getProtocols()));
            bVar3.b("Selected Ciphers   {} of {}", Arrays.asList(this.f51944v), Arrays.asList(supportedSSLParameters.getCipherSuites()));
        }
    }

    public String C2() {
        return this.Q;
    }

    public Collection<? extends CRL> C3(String str) throws Exception {
        return CertificateUtils.b(str);
    }

    public String D2() {
        return this.f51927a0;
    }

    public KeyStore D3(Resource resource) throws Exception {
        return CertificateUtils.a(resource, a3(), Z2(), Objects.toString(this.F, null));
    }

    public KeyStore E3(Resource resource) throws Exception {
        String objects = Objects.toString(r3(), a3());
        String objects2 = Objects.toString(q3(), Z2());
        c20.c cVar = this.H;
        if (resource == null || resource.equals(this.f51945w)) {
            resource = this.f51945w;
            if (cVar == null) {
                cVar = this.F;
            }
        }
        return CertificateUtils.a(resource, objects, objects2, Objects.toString(cVar, null));
    }

    public PKIXBuilderParameters F3(KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pKIXBuilderParameters.setMaxPathLength(this.P);
        pKIXBuilderParameters.setRevocationEnabled(true);
        PKIXCertPathChecker pKIXCertPathChecker = this.f51932f0;
        if (pKIXCertPathChecker != null) {
            pKIXBuilderParameters.addCertPathChecker(pKIXCertPathChecker);
        }
        if (collection != null && !collection.isEmpty()) {
            pKIXBuilderParameters.addCertStore(t2(collection));
        }
        if (this.R) {
            System.setProperty("com.sun.security.enableCRLDP", "true");
        }
        if (this.S) {
            Security.setProperty("ocsp.enable", "true");
            String str = this.T;
            if (str != null) {
                Security.setProperty("ocsp.responderURL", str);
            }
        }
        return pKIXBuilderParameters;
    }

    public String[] G2() {
        return (String[]) this.f51936n.toArray(new String[0]);
    }

    public SSLEngine G3(String str, int i11) {
        i2();
        SSLContext k32 = k3();
        SSLEngine createSSLEngine = w3() ? k32.createSSLEngine(str, i11) : k32.createSSLEngine();
        r2(createSSLEngine);
        return createSSLEngine;
    }

    public String[] H2() {
        return (String[]) this.f51934l.toArray(new String[0]);
    }

    public void H3(String[] strArr, List<String> list) {
        for (String str : this.f51937o) {
            Pattern compile = Pattern.compile(str);
            boolean z11 = false;
            for (String str2 : strArr) {
                if (compile.matcher(str2).matches()) {
                    list.add(str2);
                    z11 = true;
                }
            }
            if (!z11) {
                f51921i0.g("No Cipher matching '{}' is supported", str);
            }
        }
    }

    public void I3(List<String> list) {
        Iterator<String> it = this.f51936n.iterator();
        while (it.hasNext()) {
            Pattern compile = Pattern.compile(it.next());
            Iterator<String> it2 = list.iterator();
            while (it2.hasNext()) {
                if (compile.matcher(it2.next()).matches()) {
                    it2.remove();
                }
            }
        }
    }

    public HostnameVerifier J2() {
        return this.f51933g0;
    }

    public void J3(String[] strArr, String[] strArr2) {
        ArrayList arrayList = new ArrayList();
        if (this.f51937o.isEmpty()) {
            arrayList.addAll(Arrays.asList(strArr));
        } else {
            H3(strArr2, arrayList);
        }
        I3(arrayList);
        if (arrayList.isEmpty()) {
            f51921i0.a("No supported ciphers from {}", Arrays.asList(strArr2));
        }
        Comparator<String> y22 = y2();
        if (y22 != null) {
            a20.b bVar = f51921i0;
            if (bVar.isDebugEnabled()) {
                bVar.b("Sorting selected ciphers with {}", y22);
            }
            arrayList.sort(y22);
        }
        this.f51944v = (String[]) arrayList.toArray(new String[0]);
    }

    public void K3(String[] strArr, String[] strArr2) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (this.f51935m.isEmpty()) {
            linkedHashSet.addAll(Arrays.asList(strArr));
        } else {
            for (String str : this.f51935m) {
                if (Arrays.asList(strArr2).contains(str)) {
                    linkedHashSet.add(str);
                } else {
                    f51921i0.g("Protocol {} not supported in {}", str, Arrays.asList(strArr2));
                }
            }
        }
        linkedHashSet.removeAll(this.f51934l);
        if (linkedHashSet.isEmpty()) {
            f51921i0.a("No selected protocols from {}", Arrays.asList(strArr2));
        }
        this.f51941s = (String[]) linkedHashSet.toArray(new String[0]);
    }

    public String[] L2() {
        return (String[]) this.f51937o.toArray(new String[0]);
    }

    public void L3(String str) {
        this.f51927a0 = str;
    }

    public void M3(String... strArr) {
        this.f51936n.clear();
        this.f51936n.addAll(Arrays.asList(strArr));
    }

    public void N3(String... strArr) {
        this.f51934l.clear();
        this.f51934l.addAll(Arrays.asList(strArr));
    }

    public void O3(String str) {
        try {
            this.f51945w = Resource.g(str);
        } catch (Exception e11) {
            throw new IllegalArgumentException(e11);
        }
    }

    public String[] P2() {
        return (String[]) this.f51935m.toArray(new String[0]);
    }

    public void P3(boolean z11) {
        this.f51928b0 = z11;
        if (z11) {
            L3(null);
        }
    }

    public final void Q3() {
        this.f51931e0 = null;
        this.f51941s = null;
        this.f51944v = null;
        this.f51938p.clear();
        this.f51939q.clear();
        this.f51940r.clear();
    }

    public String R2() {
        return this.L;
    }

    public KeyManagerFactory V2() throws NoSuchAlgorithmException {
        String R2 = R2();
        String f32 = f3();
        if (f32 != null) {
            try {
                return KeyManagerFactory.getInstance(R2, f32);
            } catch (Throwable th2) {
                f51921i0.g("Unable to get KeyManagerFactory instance for algorithm [{}] on provider [{}], using default", R2, f32);
                if (f51921i0.isDebugEnabled()) {
                    f51921i0.h(th2);
                }
            }
        }
        return KeyManagerFactory.getInstance(R2);
    }

    public KeyManager[] Y2(KeyStore keyStore) throws Exception {
        KeyManager[] keyManagerArr = null;
        if (keyStore != null) {
            KeyManagerFactory V2 = V2();
            c20.c cVar = this.G;
            V2.init(keyStore, (cVar == null && (cVar = this.F) == null) ? null : cVar.toString().toCharArray());
            keyManagerArr = V2.getKeyManagers();
            if (keyManagerArr != null) {
                String s22 = s2();
                if (s22 != null) {
                    for (int i11 = 0; i11 < keyManagerArr.length; i11++) {
                        if (keyManagerArr[i11] instanceof X509ExtendedKeyManager) {
                            keyManagerArr[i11] = new d20.a((X509ExtendedKeyManager) keyManagerArr[i11], s22);
                        }
                    }
                }
                if (!this.f51940r.isEmpty() || this.f51939q.size() > 1 || (this.f51939q.size() == 1 && this.f51938p.size() > 1)) {
                    for (int i12 = 0; i12 < keyManagerArr.length; i12++) {
                        if (keyManagerArr[i12] instanceof X509ExtendedKeyManager) {
                            keyManagerArr[i12] = new org.eclipse.jetty.util.ssl.a((X509ExtendedKeyManager) keyManagerArr[i12]);
                        }
                    }
                }
            }
        }
        a20.b bVar = f51921i0;
        if (bVar.isDebugEnabled()) {
            bVar.b("managers={} for {}", keyManagerArr, this);
        }
        return keyManagerArr;
    }

    public String Z2() {
        return this.f51946x;
    }

    public String a3() {
        return this.f51947y;
    }

    public int b3() {
        return this.P;
    }

    @Deprecated
    public boolean c3() {
        return this.D;
    }

    public void d2(SSLParameters sSLParameters) {
        for (String str : sSLParameters.getCipherSuites()) {
            for (String str2 : f51926n0) {
                if (str.matches(str2)) {
                    f51922j0.a("Weak cipher suite {} enabled for {}", str, this);
                }
            }
        }
    }

    public String d3() {
        return this.T;
    }

    public void e2() {
        SSLEngine createSSLEngine = this.f51931e0.f51954c.createSSLEngine();
        r2(createSSLEngine);
        SSLParameters sSLParameters = createSSLEngine.getSSLParameters();
        j2(sSLParameters);
        d2(sSLParameters);
    }

    public String e3() {
        return this.J;
    }

    public String f3() {
        return this.I;
    }

    public int g3() {
        return this.f51930d0;
    }

    public void h2() {
        if (D2() == null) {
            f51922j0.a("No Client EndPointIdentificationAlgorithm configured for {}", this);
        }
    }

    public SSLContext h3() throws NoSuchAlgorithmException {
        String e32 = e3();
        String f32 = f3();
        if (f32 != null) {
            try {
                return SSLContext.getInstance(e32, f32);
            } catch (Throwable th2) {
                f51921i0.g("Unable to get SSLContext instance for protocol [{}] on provider [{}], using default", e32, f32);
                if (f51921i0.isDebugEnabled()) {
                    f51921i0.h(th2);
                }
            }
        }
        return SSLContext.getInstance(e32);
    }

    public final void i2() {
        if (d()) {
            return;
        }
        throw new IllegalStateException("!STARTED: " + this);
    }

    public String i3() {
        return this.K;
    }

    public void j2(SSLParameters sSLParameters) {
        for (String str : sSLParameters.getProtocols()) {
            for (String str2 : f51925m0) {
                if (str2.equals(str)) {
                    f51922j0.a("Protocol {} not excluded for {}", str, this);
                }
            }
        }
    }

    public SecureRandom j3() throws NoSuchAlgorithmException {
        String i32 = i3();
        if (i32 == null) {
            return null;
        }
        String f32 = f3();
        if (f32 != null) {
            try {
                return SecureRandom.getInstance(i32, f32);
            } catch (Throwable th2) {
                f51921i0.g("Unable to get SecureRandom instance for algorithm [{}] on provider [{}], using default", i32, f32);
                if (f51921i0.isDebugEnabled()) {
                    f51921i0.h(th2);
                }
            }
        }
        return SecureRandom.getInstance(i32);
    }

    public SSLContext k3() {
        SSLContext sSLContext;
        if (!d()) {
            return this.Z;
        }
        synchronized (this) {
            sSLContext = this.f51931e0.f51954c;
        }
        return sSLContext;
    }

    public int l3() {
        return this.X;
    }

    public void m2() {
        if (x3()) {
            f51922j0.a("Trusting all certificates configured for {}", this);
        }
    }

    public int m3() {
        return this.Y;
    }

    public String n3() {
        return this.M;
    }

    public SSLParameters o2(SSLParameters sSLParameters) {
        sSLParameters.setEndpointIdentificationAlgorithm(D2());
        sSLParameters.setUseCipherSuitesOrder(y3());
        if (!this.f51939q.isEmpty() || !this.f51940r.isEmpty()) {
            sSLParameters.setSNIMatchers(Collections.singletonList(new b()));
        }
        String[] strArr = this.f51944v;
        if (strArr != null) {
            sSLParameters.setCipherSuites(strArr);
        }
        String[] strArr2 = this.f51941s;
        if (strArr2 != null) {
            sSLParameters.setProtocols(strArr2);
        }
        if (!(this instanceof Client)) {
            if (s3()) {
                sSLParameters.setWantClientAuth(true);
            }
            if (c3()) {
                sSLParameters.setNeedClientAuth(true);
            }
        }
        return sSLParameters;
    }

    public TrustManagerFactory o3() throws NoSuchAlgorithmException {
        String n32 = n3();
        String f32 = f3();
        if (f32 != null) {
            try {
                return TrustManagerFactory.getInstance(n32, f32);
            } catch (Throwable th2) {
                f51921i0.g("Unable to get TrustManagerFactory instance for algorithm [{}] on provider [{}], using default", n32, f32);
                if (f51921i0.isDebugEnabled()) {
                    f51921i0.h(th2);
                }
            }
        }
        return TrustManagerFactory.getInstance(n32);
    }

    public TrustManager[] p3(KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
        if (keyStore == null) {
            return null;
        }
        if (!A3() || !"PKIX".equalsIgnoreCase(n3())) {
            TrustManagerFactory o32 = o3();
            o32.init(keyStore);
            return o32.getTrustManagers();
        }
        PKIXBuilderParameters F3 = F3(keyStore, collection);
        TrustManagerFactory o33 = o3();
        o33.init(new CertPathTrustManagerParameters(F3));
        return o33.getTrustManagers();
    }

    public String q3() {
        return this.B;
    }

    public void r2(SSLEngine sSLEngine) {
        a20.b bVar = f51921i0;
        if (bVar.isDebugEnabled()) {
            bVar.b("Customize {}", sSLEngine);
        }
        sSLEngine.setSSLParameters(o2(sSLEngine.getSSLParameters()));
    }

    public String r3() {
        return this.C;
    }

    public String s2() {
        return this.f51948z;
    }

    @Deprecated
    public boolean s3() {
        return this.E;
    }

    public CertStore t2(Collection<? extends CRL> collection) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        String f32 = f3();
        if (f32 != null) {
            try {
                return CertStore.getInstance("Collection", new CollectionCertStoreParameters(collection), f32);
            } catch (Throwable th2) {
                a20.b bVar = f51921i0;
                bVar.g("Unable to get CertStore instance for type [{}] on provider [{}], using default", "Collection", f32);
                if (bVar.isDebugEnabled()) {
                    bVar.h(th2);
                }
            }
        }
        return CertStore.getInstance("Collection", new CollectionCertStoreParameters(collection));
    }

    public boolean t3() {
        return this.R;
    }

    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public String toString() {
        return String.format("%s@%x[provider=%s,keyStore=%s,trustStore=%s]", getClass().getSimpleName(), Integer.valueOf(hashCode()), this.I, this.f51945w, this.A);
    }

    public boolean u3() {
        return this.S;
    }

    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public void v1() throws Exception {
        super.v1();
        synchronized (this) {
            B3();
        }
        e2();
    }

    public boolean v3() {
        return this.f51929c0;
    }

    public boolean w3() {
        return this.W;
    }

    public boolean x3() {
        return this.f51928b0;
    }

    public Comparator<String> y2() {
        return this.f51943u;
    }

    public boolean y3() {
        return this.f51942t;
    }

    @Override // z10.b
    public void z1(Appendable appendable, String str) throws IOException {
        try {
            SSLEngine createSSLEngine = SSLContext.getDefault().createSSLEngine();
            z10.b.i(appendable, str, this, "trustAll=" + this.f51928b0, new e("Protocol", createSSLEngine.getSupportedProtocols(), createSSLEngine.getEnabledProtocols(), H2(), P2()), new e("Cipher Suite", createSSLEngine.getSupportedCipherSuites(), createSSLEngine.getEnabledCipherSuites(), G2(), L2()));
        } catch (NoSuchAlgorithmException e11) {
            f51921i0.i(e11);
        }
    }

    public boolean z3() {
        return this.N;
    }
}
