package io.grpc.okhttp;

import O3.AbstractC0431h;
import O3.AbstractC0440j0;
import O3.AbstractC0451m;
import O3.B1;
import O3.C0459o;
import O3.C0487v0;
import O3.H;
import O3.n3;
import Q3.AbstractC0576b2;
import Q3.I1;
import Q3.InterfaceC0721t4;
import Q3.Q6;
import Q3.W3;
import Q3.e7;
import Q3.h7;
import R3.C0832m;
import R3.C0833n;
import R3.C0836q;
import R3.j0;
import S3.p;
import X3.C1132a;
import com.squareup.okhttp.ConnectionSpec;
import io.grpc.TlsChannelCredentials$Feature;
import io.grpc.internal.h;
import io.grpc.okhttp.internal.CipherSuite;
import io.grpc.okhttp.internal.TlsVersion;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import u1.Z;

/* loaded from: classes3.dex */
public final class c extends AbstractC0440j0 {
    public static final int DEFAULT_FLOW_CONTROL_WINDOW = 65535;

    /* renamed from: q, reason: collision with root package name */
    public static final Logger f8940q = Logger.getLogger(c.class.getName());

    /* renamed from: r, reason: collision with root package name */
    public static final S3.b f8941r = new S3.a(S3.b.MODERN_TLS).cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256).tlsVersions(TlsVersion.TLS_1_2).supportsTlsExtensions(true).build();

    /* renamed from: s, reason: collision with root package name */
    public static final long f8942s = TimeUnit.DAYS.toNanos(1000);

    /* renamed from: t, reason: collision with root package name */
    public static final Q6 f8943t = Q6.forResource(new Object());

    /* renamed from: u, reason: collision with root package name */
    public static final EnumSet f8944u = EnumSet.of(TlsChannelCredentials$Feature.MTLS, TlsChannelCredentials$Feature.CUSTOM_MANAGERS);

    /* renamed from: a, reason: collision with root package name */
    public final W3 f8945a;

    /* renamed from: b, reason: collision with root package name */
    public final e7 f8946b;
    public InterfaceC0721t4 c;
    public InterfaceC0721t4 d;
    public SocketFactory e;

    /* renamed from: f, reason: collision with root package name */
    public SSLSocketFactory f8947f;

    /* renamed from: g, reason: collision with root package name */
    public final boolean f8948g;

    /* renamed from: h, reason: collision with root package name */
    public HostnameVerifier f8949h;

    /* renamed from: i, reason: collision with root package name */
    public S3.b f8950i;

    /* renamed from: j, reason: collision with root package name */
    public OkHttpChannelBuilder$NegotiationType f8951j;

    /* renamed from: k, reason: collision with root package name */
    public long f8952k;

    /* renamed from: l, reason: collision with root package name */
    public long f8953l;

    /* renamed from: m, reason: collision with root package name */
    public int f8954m;

    /* renamed from: n, reason: collision with root package name */
    public boolean f8955n;

    /* renamed from: o, reason: collision with root package name */
    public int f8956o;

    /* renamed from: p, reason: collision with root package name */
    public int f8957p;

    public c(String str) {
        this.f8946b = h7.getDefaultFactory();
        this.c = f8943t;
        this.d = Q6.forResource(AbstractC0576b2.TIMER_SERVICE);
        this.f8950i = f8941r;
        this.f8951j = OkHttpChannelBuilder$NegotiationType.TLS;
        this.f8952k = Long.MAX_VALUE;
        this.f8953l = AbstractC0576b2.DEFAULT_KEEPALIVE_TIMEOUT_NANOS;
        this.f8954m = 65535;
        this.f8956o = 4194304;
        this.f8957p = Integer.MAX_VALUE;
        this.f8945a = new W3(str, new C0833n(this), new C0832m(this));
        this.f8948g = false;
    }

    public c(String str, AbstractC0451m abstractC0451m, AbstractC0431h abstractC0431h, SSLSocketFactory sSLSocketFactory) {
        this.f8946b = h7.getDefaultFactory();
        this.c = f8943t;
        this.d = Q6.forResource(AbstractC0576b2.TIMER_SERVICE);
        this.f8950i = f8941r;
        OkHttpChannelBuilder$NegotiationType okHttpChannelBuilder$NegotiationType = OkHttpChannelBuilder$NegotiationType.TLS;
        this.f8951j = okHttpChannelBuilder$NegotiationType;
        this.f8952k = Long.MAX_VALUE;
        this.f8953l = AbstractC0576b2.DEFAULT_KEEPALIVE_TIMEOUT_NANOS;
        this.f8954m = 65535;
        this.f8956o = 4194304;
        this.f8957p = Integer.MAX_VALUE;
        this.f8945a = new W3(str, abstractC0451m, abstractC0431h, new C0833n(this), new C0832m(this));
        this.f8947f = sSLSocketFactory;
        this.f8951j = sSLSocketFactory == null ? OkHttpChannelBuilder$NegotiationType.PLAINTEXT : okHttpChannelBuilder$NegotiationType;
        this.f8948g = true;
    }

    public static KeyManager[] b(byte[] bArr, byte[] bArr2) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            X509Certificate[] x509Certificates = C1132a.getX509Certificates(byteArrayInputStream);
            AbstractC0576b2.closeQuietly(byteArrayInputStream);
            byteArrayInputStream = new ByteArrayInputStream(bArr2);
            try {
                try {
                    PrivateKey privateKey = C1132a.getPrivateKey(byteArrayInputStream);
                    AbstractC0576b2.closeQuietly(byteArrayInputStream);
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    try {
                        keyStore.load(null, null);
                        keyStore.setKeyEntry("key", privateKey, new char[0], x509Certificates);
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                        keyManagerFactory.init(keyStore, new char[0]);
                        return keyManagerFactory.getKeyManagers();
                    } catch (IOException e) {
                        throw new GeneralSecurityException(e);
                    }
                } catch (IOException e7) {
                    throw new GeneralSecurityException("Unable to decode private key", e7);
                }
            } finally {
            }
        } finally {
        }
    }

    public static TrustManager[] c(byte[] bArr) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try {
            keyStore.load(null, null);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                X509Certificate[] x509Certificates = C1132a.getX509Certificates(byteArrayInputStream);
                AbstractC0576b2.closeQuietly(byteArrayInputStream);
                for (X509Certificate x509Certificate : x509Certificates) {
                    keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate);
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                return trustManagerFactory.getTrustManagers();
            } catch (Throwable th) {
                AbstractC0576b2.closeQuietly(byteArrayInputStream);
                throw th;
            }
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }

    public static C0836q d(AbstractC0451m abstractC0451m) {
        KeyManager[] keyManagerArr;
        TrustManager[] c;
        if (!(abstractC0451m instanceof n3)) {
            if (abstractC0451m instanceof C0487v0) {
                return C0836q.plaintext();
            }
            if (abstractC0451m instanceof H) {
                H h7 = (H) abstractC0451m;
                return d(h7.getChannelCredentials()).withCallCredentials(h7.getCallCredentials());
            }
            if (!(abstractC0451m instanceof C0459o)) {
                return C0836q.error("Unsupported credential type: ".concat(abstractC0451m.getClass().getName()));
            }
            StringBuilder sb = new StringBuilder();
            Iterator<AbstractC0451m> it = ((C0459o) abstractC0451m).getCredentialsList().iterator();
            while (it.hasNext()) {
                C0836q d = d(it.next());
                if (d.error == null) {
                    return d;
                }
                sb.append(", ");
                sb.append(d.error);
            }
            return C0836q.error(sb.substring(2));
        }
        n3 n3Var = (n3) abstractC0451m;
        Set<TlsChannelCredentials$Feature> incomprehensible = n3Var.incomprehensible(f8944u);
        if (!incomprehensible.isEmpty()) {
            return C0836q.error("TLS features not understood: " + incomprehensible);
        }
        List<KeyManager> keyManagers = n3Var.getKeyManagers();
        Logger logger = f8940q;
        if (keyManagers != null) {
            keyManagerArr = (KeyManager[]) n3Var.getKeyManagers().toArray(new KeyManager[0]);
        } else if (n3Var.getPrivateKey() == null) {
            keyManagerArr = null;
        } else {
            if (n3Var.getPrivateKeyPassword() != null) {
                return C0836q.error("byte[]-based private key with password unsupported. Use unencrypted file or KeyManager");
            }
            try {
                keyManagerArr = b(n3Var.getCertificateChain(), n3Var.getPrivateKey());
            } catch (GeneralSecurityException e) {
                logger.log(Level.FINE, "Exception loading private key from credential", (Throwable) e);
                return C0836q.error("Unable to load private key: " + e.getMessage());
            }
        }
        if (n3Var.getTrustManagers() != null) {
            c = (TrustManager[]) n3Var.getTrustManagers().toArray(new TrustManager[0]);
        } else if (n3Var.getRootCertificates() != null) {
            try {
                c = c(n3Var.getRootCertificates());
            } catch (GeneralSecurityException e7) {
                logger.log(Level.FINE, "Exception loading root certificates from credential", (Throwable) e7);
                return C0836q.error("Unable to load root certificates: " + e7.getMessage());
            }
        } else {
            c = null;
        }
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS", p.get().getProvider());
            sSLContext.init(keyManagerArr, c, null);
            return C0836q.factory(sSLContext.getSocketFactory());
        } catch (GeneralSecurityException e8) {
            throw new RuntimeException("TLS Provider failure", e8);
        }
    }

    public static c forAddress(String str, int i7) {
        return new c(AbstractC0576b2.authorityFromHostAndPort(str, i7));
    }

    public static c forAddress(String str, int i7, AbstractC0451m abstractC0451m) {
        return forTarget(AbstractC0576b2.authorityFromHostAndPort(str, i7), abstractC0451m);
    }

    public static c forTarget(String str) {
        return new c(str);
    }

    public static c forTarget(String str, AbstractC0451m abstractC0451m) {
        C0836q d = d(abstractC0451m);
        if (d.error == null) {
            return new c(str, abstractC0451m, d.callCredentials, d.factory);
        }
        throw new IllegalArgumentException(d.error);
    }

    @Override // O3.AbstractC0440j0
    public final B1 a() {
        return this.f8945a;
    }

    public c connectionSpec(ConnectionSpec connectionSpec) {
        Z.checkState(!this.f8948g, "Cannot change security when using ChannelCredentials");
        Z.checkArgument(connectionSpec.isTls(), "plaintext ConnectionSpec is not accepted");
        this.f8950i = j0.b(connectionSpec);
        return this;
    }

    public c flowControlWindow(int i7) {
        Z.checkState(i7 > 0, "flowControlWindow must be positive");
        this.f8954m = i7;
        return this;
    }

    public c hostnameVerifier(HostnameVerifier hostnameVerifier) {
        Z.checkState(!this.f8948g, "Cannot change security when using ChannelCredentials");
        this.f8949h = hostnameVerifier;
        return this;
    }

    @Override // O3.AbstractC0440j0, O3.B1
    public c keepAliveTime(long j7, TimeUnit timeUnit) {
        Z.checkArgument(j7 > 0, "keepalive time must be positive");
        long nanos = timeUnit.toNanos(j7);
        this.f8952k = nanos;
        long clampKeepAliveTimeInNanos = h.clampKeepAliveTimeInNanos(nanos);
        this.f8952k = clampKeepAliveTimeInNanos;
        if (clampKeepAliveTimeInNanos >= f8942s) {
            this.f8952k = Long.MAX_VALUE;
        }
        return this;
    }

    @Override // O3.AbstractC0440j0, O3.B1
    public c keepAliveTimeout(long j7, TimeUnit timeUnit) {
        Z.checkArgument(j7 > 0, "keepalive timeout must be positive");
        long nanos = timeUnit.toNanos(j7);
        this.f8953l = nanos;
        this.f8953l = h.clampKeepAliveTimeoutInNanos(nanos);
        return this;
    }

    @Override // O3.AbstractC0440j0, O3.B1
    public c keepAliveWithoutCalls(boolean z7) {
        this.f8955n = z7;
        return this;
    }

    @Override // O3.AbstractC0440j0, O3.B1
    public c maxInboundMessageSize(int i7) {
        Z.checkArgument(i7 >= 0, "negative max");
        this.f8956o = i7;
        return this;
    }

    @Override // O3.AbstractC0440j0, O3.B1
    public c maxInboundMetadataSize(int i7) {
        Z.checkArgument(i7 > 0, "maxInboundMetadataSize must be > 0");
        this.f8957p = i7;
        return this;
    }

    @Deprecated
    public c negotiationType(NegotiationType negotiationType) {
        OkHttpChannelBuilder$NegotiationType okHttpChannelBuilder$NegotiationType;
        Z.checkState(!this.f8948g, "Cannot change security when using ChannelCredentials");
        Z.checkNotNull(negotiationType, "type");
        int i7 = b.f8938a[negotiationType.ordinal()];
        if (i7 == 1) {
            okHttpChannelBuilder$NegotiationType = OkHttpChannelBuilder$NegotiationType.TLS;
        } else {
            if (i7 != 2) {
                throw new AssertionError("Unknown negotiation type: " + negotiationType);
            }
            okHttpChannelBuilder$NegotiationType = OkHttpChannelBuilder$NegotiationType.PLAINTEXT;
        }
        this.f8951j = okHttpChannelBuilder$NegotiationType;
        return this;
    }

    public c scheduledExecutorService(ScheduledExecutorService scheduledExecutorService) {
        this.d = new I1((ScheduledExecutorService) Z.checkNotNull(scheduledExecutorService, "scheduledExecutorService"));
        return this;
    }

    public c socketFactory(SocketFactory socketFactory) {
        this.e = socketFactory;
        return this;
    }

    public c sslSocketFactory(SSLSocketFactory sSLSocketFactory) {
        Z.checkState(!this.f8948g, "Cannot change security when using ChannelCredentials");
        this.f8947f = sSLSocketFactory;
        this.f8951j = OkHttpChannelBuilder$NegotiationType.TLS;
        return this;
    }

    public c tlsConnectionSpec(String[] strArr, String[] strArr2) {
        Z.checkState(!this.f8948g, "Cannot change security when using ChannelCredentials");
        Z.checkNotNull(strArr, "tls versions must not null");
        Z.checkNotNull(strArr2, "ciphers must not null");
        this.f8950i = new S3.a(true).supportsTlsExtensions(true).tlsVersions(strArr).cipherSuites(strArr2).build();
        return this;
    }

    public c transportExecutor(Executor executor) {
        if (executor == null) {
            this.c = f8943t;
        } else {
            this.c = new I1(executor);
        }
        return this;
    }

    @Override // O3.AbstractC0440j0, O3.B1
    public c usePlaintext() {
        Z.checkState(!this.f8948g, "Cannot change security when using ChannelCredentials");
        this.f8951j = OkHttpChannelBuilder$NegotiationType.PLAINTEXT;
        return this;
    }

    @Override // O3.AbstractC0440j0, O3.B1
    public c useTransportSecurity() {
        Z.checkState(!this.f8948g, "Cannot change security when using ChannelCredentials");
        this.f8951j = OkHttpChannelBuilder$NegotiationType.TLS;
        return this;
    }
}
