package io.grpc.netty;

import androidx.constraintlayout.core.SolverVariable$Type$EnumUnboxingSharedUtility;
import com.google.android.material.R$styleable;
import io.grpc.internal.ConscryptLoader;
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth$EnumUnboxingLocalUtility;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.util.internal.ObjectUtil;
import java.io.File;
import java.lang.reflect.Method;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.conscrypt.Conscrypt;
import org.conscrypt.OpenSSLProvider$$ExternalSyntheticOutline0;

/* loaded from: classes.dex */
public final class GrpcSslContexts {
    public static final ApplicationProtocolConfig ALPN;
    public static final List<String> NEXT_PROTOCOL_VERSIONS;
    public static final ApplicationProtocolConfig NPN;
    public static final ApplicationProtocolConfig NPN_AND_ALPN;
    public static final Logger logger = Logger.getLogger(GrpcSslContexts.class.getName());

    /* loaded from: classes.dex */
    public static class ConscryptHolder {
        public static final Provider PROVIDER;
        public static final Throwable UNAVAILABILITY_CAUSE;

        static {
            Method method;
            Provider provider = null;
            try {
                method = ConscryptLoader.NEW_PROVIDER_METHOD;
            } catch (Throwable th) {
                th = th;
            }
            if (!(method != null)) {
                int i = Conscrypt.$r8$clinit;
                throw new AssertionError("Unexpected failure referencing Conscrypt class");
            }
            Provider provider2 = (Provider) method.invoke(null, new Object[0]);
            th = null;
            provider = provider2;
            PROVIDER = provider;
            UNAVAILABILITY_CAUSE = th;
        }
    }

    static {
        List<String> unmodifiableList = Collections.unmodifiableList(Arrays.asList("h2"));
        NEXT_PROTOCOL_VERSIONS = unmodifiableList;
        ALPN = new ApplicationProtocolConfig(3, unmodifiableList);
        NPN = new ApplicationProtocolConfig(2, unmodifiableList);
        NPN_AND_ALPN = new ApplicationProtocolConfig(4, unmodifiableList);
    }

    public static Provider findJdkProvider() {
        for (Provider provider : Security.getProviders("SSLContext.TLS")) {
            if ("SunJSSE".equals(provider.getName())) {
                if (JettyTlsUtil.isJettyAlpnConfigured() || JettyTlsUtil.isJettyNpnConfigured() || JettyTlsUtil.isJava9AlpnAvailable()) {
                    return provider;
                }
            } else if ("IBMJSSE2".equals(provider.getName()) || "OpenJSSE".equals(provider.getName())) {
                if (JettyTlsUtil.isJava9AlpnAvailable()) {
                    return provider;
                }
            } else if (ConscryptLoader.isConscrypt(provider)) {
                return provider;
            }
        }
        Provider provider2 = ConscryptHolder.PROVIDER;
        if (provider2 != null) {
            return provider2;
        }
        return null;
    }

    public static SslContextBuilder forServer(File file, File file2) {
        ClassNotFoundException classNotFoundException;
        int i;
        ApplicationProtocolConfig applicationProtocolConfig;
        SslContextBuilder sslContextBuilder = new SslContextBuilder();
        try {
            X509Certificate[] x509Certificates = SslContext.toX509Certificates(file);
            try {
                PrivateKey privateKey = SslContext.toPrivateKey(file2);
                if (sslContextBuilder.forServer) {
                    ObjectUtil.checkNonEmpty(x509Certificates, "keyCertChain");
                    Objects.requireNonNull(privateKey, "key required for servers");
                }
                if (x509Certificates.length == 0) {
                    sslContextBuilder.keyCertChain = null;
                } else {
                    for (X509Certificate x509Certificate : x509Certificates) {
                        ObjectUtil.checkNotNullWithIAE(x509Certificate, "cert");
                    }
                    sslContextBuilder.keyCertChain = (X509Certificate[]) x509Certificates.clone();
                }
                sslContextBuilder.key = privateKey;
                sslContextBuilder.keyPassword = null;
                if (OpenSsl.isAvailable()) {
                    logger.log(Level.FINE, "Selecting OPENSSL");
                    i = 2;
                } else {
                    Provider findJdkProvider = findJdkProvider();
                    if (findJdkProvider == null) {
                        Logger logger2 = logger;
                        logger2.log(Level.INFO, "Java 9 ALPN API unavailable (this may be normal)");
                        logger2.log(Level.INFO, "netty-tcnative unavailable (this may be normal)", OpenSsl.UNAVAILABILITY_CAUSE);
                        logger2.log(Level.INFO, "Conscrypt not found (this may be normal)", ConscryptHolder.UNAVAILABILITY_CAUSE);
                        Level level = Level.INFO;
                        synchronized (JettyTlsUtil.class) {
                            if (JettyTlsUtil.jettyAlpnUnavailabilityCause == null) {
                                JettyTlsUtil.isJettyAlpnConfigured();
                            }
                            classNotFoundException = JettyTlsUtil.jettyAlpnUnavailabilityCause;
                        }
                        logger2.log(level, "Jetty ALPN unavailable (this may be normal)", (Throwable) classNotFoundException);
                        throw new IllegalStateException("Could not find TLS ALPN provider; no working netty-tcnative, Conscrypt, or Jetty NPN/ALPN available");
                    }
                    logger.log(Level.FINE, "Selecting JDK with provider {0}", findJdkProvider);
                    i = 1;
                }
                int ordinal = SolverVariable$Type$EnumUnboxingSharedUtility.ordinal(i);
                if (ordinal == 0) {
                    Provider findJdkProvider2 = findJdkProvider();
                    if (findJdkProvider2 == null) {
                        throw new IllegalArgumentException("Could not find Jetty NPN/ALPN or Conscrypt as installed JDK providers");
                    }
                    if ("SunJSSE".equals(findJdkProvider2.getName())) {
                        if (JettyTlsUtil.isJettyAlpnConfigured()) {
                            applicationProtocolConfig = ALPN;
                        } else if (JettyTlsUtil.isJettyNpnConfigured()) {
                            applicationProtocolConfig = NPN;
                        } else {
                            if (!JettyTlsUtil.isJava9AlpnAvailable()) {
                                throw new IllegalArgumentException(findJdkProvider2.getName() + " selected, but Java 9+ and Jetty NPN/ALPN unavailable");
                            }
                            applicationProtocolConfig = ALPN;
                        }
                    } else if ("IBMJSSE2".equals(findJdkProvider2.getName()) || "OpenJSSE".equals(findJdkProvider2.getName())) {
                        if (!JettyTlsUtil.isJava9AlpnAvailable()) {
                            throw new IllegalArgumentException(findJdkProvider2.getName() + " selected, but Java 9+ ALPN unavailable");
                        }
                        applicationProtocolConfig = ALPN;
                    } else {
                        if (!ConscryptLoader.isConscrypt(findJdkProvider2)) {
                            throw new IllegalArgumentException("Unknown provider; can't configure: " + findJdkProvider2);
                        }
                        applicationProtocolConfig = ALPN;
                        sslContextBuilder.protocols = (String[]) new String[]{"TLSv1.2"}.clone();
                    }
                    sslContextBuilder.provider = 1;
                    List<String> list = Http2SecurityUtil.CIPHERS;
                    sslContextBuilder.cipherFilter = R$styleable.INSTANCE;
                    sslContextBuilder.ciphers = list;
                    sslContextBuilder.apn = applicationProtocolConfig;
                    sslContextBuilder.sslContextProvider = findJdkProvider2;
                } else {
                    if (ordinal != 1) {
                        StringBuilder m = ClientAuth$EnumUnboxingLocalUtility.m("Unsupported provider: ");
                        m.append(OpenSSLProvider$$ExternalSyntheticOutline0.stringValueOf$1(i));
                        throw new IllegalArgumentException(m.toString());
                    }
                    ApplicationProtocolConfig applicationProtocolConfig2 = ((long) OpenSsl.version()) >= 268443648 ? NPN_AND_ALPN : NPN;
                    sslContextBuilder.provider = 2;
                    List<String> list2 = Http2SecurityUtil.CIPHERS;
                    sslContextBuilder.cipherFilter = R$styleable.INSTANCE;
                    sslContextBuilder.ciphers = list2;
                    sslContextBuilder.apn = applicationProtocolConfig2;
                }
                return sslContextBuilder;
            } catch (Exception e) {
                throw new IllegalArgumentException("File does not contain valid private key: " + file2, e);
            }
        } catch (Exception e2) {
            throw new IllegalArgumentException("File does not contain valid certificates: " + file, e2);
        }
    }
}
