package org.eclipse.jetty.util.ssl;

import java.io.ByteArrayInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import nxt.b00;
import nxt.g00;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.annotation.ManagedAttribute;
import org.eclipse.jetty.util.annotation.ManagedObject;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.component.Dumpable;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.security.Password;
import org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager;

@ManagedObject
/* loaded from: classes.dex */
public class SslContextFactory extends AbstractLifeCycle implements Dumpable {
    public static final TrustManager[] S2 = {new X509ExtendedTrustManagerWrapper(null)};
    public static final String T2 = KeyManagerFactory.getDefaultAlgorithm();
    public static final String U2 = TrustManagerFactory.getDefaultAlgorithm();
    public static final Logger V2;
    public static final Logger W2;
    public static final String[] X2;
    public static final String[] Y2;
    public String[] A2;
    public boolean B2;
    public String[] C2;
    public Resource D2;
    public String E2;
    public Password F2;
    public String G2;
    public String H2;
    public String I2;
    public int J2;
    public boolean K2;
    public int L2;
    public int M2;
    public String N2;
    public boolean O2;
    public boolean P2;
    public int Q2;
    public Factory R2;
    public final Set<String> t2;
    public final Set<String> u2;
    public final Set<String> v2;
    public final Set<String> w2;
    public final Map<String, X509> x2;
    public final Map<String, X509> y2;
    public final Map<String, X509> z2;

    /* loaded from: classes.dex */
    public static class AliasSNIMatcher extends SNIMatcher {
        public String a;

        public AliasSNIMatcher() {
            super(0);
        }

        @Override // javax.net.ssl.SNIMatcher
        public boolean matches(SNIServerName sNIServerName) {
            Logger logger = SslContextFactory.V2;
            if (logger.d()) {
                logger.a("SNI matching for {}", sNIServerName);
            }
            if (sNIServerName instanceof SNIHostName) {
                this.a = StringUtil.b(((SNIHostName) sNIServerName).getAsciiName());
                if (logger.d()) {
                    logger.a("SNI host name {}", this.a);
                }
            } else if (logger.d()) {
                logger.a("No SNI host name for {}", sNIServerName);
            }
            return true;
        }
    }

    /* loaded from: classes.dex */
    public static class Client extends SslContextFactory {
        public static final /* synthetic */ int a3 = 0;
        public SniProvider Z2;

        @FunctionalInterface
        /* loaded from: classes.dex */
        public interface SniProvider {
            List<SNIServerName> a(SSLEngine sSLEngine, List<SNIServerName> list);
        }

        public Client() {
            super(false);
            this.Z2 = g00.a;
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public void I4() {
            if (this.O2) {
                SslContextFactory.W2.g("Trusting all certificates configured for {}", this);
            }
            if (this.N2 == null) {
                SslContextFactory.W2.g("No Client EndPointIdentificationAlgorithm configured for {}", this);
            }
            super.I4();
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public void K4(SSLEngine sSLEngine) {
            SSLParameters sSLParameters = sSLEngine.getSSLParameters();
            List<SNIServerName> serverNames = sSLParameters.getServerNames();
            if (serverNames == null) {
                serverNames = Collections.emptyList();
            }
            List<SNIServerName> a = this.Z2.a(sSLEngine, serverNames);
            if (a != null && a != serverNames) {
                sSLParameters.setServerNames(a);
                sSLEngine.setSSLParameters(sSLParameters);
            }
            super.K4(sSLEngine);
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public X509ExtendedKeyManager S4(X509ExtendedKeyManager x509ExtendedKeyManager) {
            return x509ExtendedKeyManager;
        }
    }

    /* loaded from: classes.dex */
    public static class Factory {
        public final SSLContext a;

        public Factory(KeyStore keyStore, KeyStore keyStore2, SSLContext sSLContext) {
            this.a = sSLContext;
        }
    }

    @ManagedObject
    /* loaded from: classes.dex */
    public static class Server extends SslContextFactory implements SniX509ExtendedKeyManager.SniSelector {
        public static final /* synthetic */ int Z2 = 0;

        public Server() {
            this.N2 = null;
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public KeyManager[] L4(KeyStore keyStore) {
            return super.L4(keyStore);
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public boolean M4() {
            return false;
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public boolean O4() {
            return false;
        }

        @Override // org.eclipse.jetty.util.ssl.SslContextFactory
        public X509ExtendedKeyManager S4(X509ExtendedKeyManager x509ExtendedKeyManager) {
            return new SniX509ExtendedKeyManager(x509ExtendedKeyManager, this);
        }

        /* JADX WARN: Removed duplicated region for block: B:12:0x008c  */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public java.lang.String V4(java.lang.String r4, java.security.Principal[] r5, javax.net.ssl.SSLSession r6, final java.lang.String r7, java.util.Collection<org.eclipse.jetty.util.ssl.X509> r8) {
            /*
                r3 = this;
                org.eclipse.jetty.util.log.Logger r5 = org.eclipse.jetty.util.ssl.SslContextFactory.V2
                boolean r6 = r5.d()
                r0 = 1
                r1 = 0
                if (r6 == 0) goto L22
                r6 = 4
                java.lang.Object[] r6 = new java.lang.Object[r6]
                r6[r1] = r4
                java.lang.String r4 = java.lang.String.valueOf(r7)
                r6[r0] = r4
                r4 = 2
                java.lang.Boolean r2 = java.lang.Boolean.FALSE
                r6[r4] = r2
                r4 = 3
                r6[r4] = r8
                java.lang.String r4 = "Selecting alias: keyType={}, sni={}, sniRequired={}, certs={}"
                r5.a(r4, r6)
            L22:
                if (r7 != 0) goto L25
                goto L59
            L25:
                java.util.stream.Stream r4 = r8.stream()
                nxt.h00 r6 = new nxt.h00
                r6.<init>()
                java.util.stream.Stream r4 = r4.filter(r6)
                java.util.stream.Collector r6 = java.util.stream.Collectors.toList()
                java.lang.Object r4 = r4.collect(r6)
                java.util.List r4 = (java.util.List) r4
                boolean r6 = r4.isEmpty()
                if (r6 == 0) goto L5c
                java.util.Map<java.lang.String, org.eclipse.jetty.util.ssl.X509> r4 = r3.x2
                java.util.Collection r4 = r4.values()
                java.util.stream.Stream r4 = r4.stream()
                nxt.h00 r6 = new nxt.h00
                r6.<init>()
                boolean r4 = r4.anyMatch(r6)
                if (r4 == 0) goto L59
                r4 = 0
                goto L86
            L59:
                java.lang.String r4 = "delegate_no_sni_match"
                goto L86
            L5c:
                java.lang.Object r6 = r4.get(r1)
                org.eclipse.jetty.util.ssl.X509 r6 = (org.eclipse.jetty.util.ssl.X509) r6
                java.lang.String r6 = r6.a
                int r7 = r4.size()
                if (r7 <= r0) goto L85
                java.util.stream.Stream r4 = r4.stream()
                nxt.i00 r7 = new java.util.function.ToIntFunction() { // from class: nxt.i00
                    static {
                        /*
                            nxt.i00 r0 = new nxt.i00
                            r0.<init>()
                            
                            // error: 0x0005: SPUT (r0 I:nxt.i00) nxt.i00.a nxt.i00
                            return
                        */
                        throw new UnsupportedOperationException("Method not decompiled: nxt.i00.<clinit>():void");
                    }

                    {
                        /*
                            r0 = this;
                            r0.<init>()
                            return
                        */
                        throw new UnsupportedOperationException("Method not decompiled: nxt.i00.<init>():void");
                    }

                    @Override // java.util.function.ToIntFunction
                    public final int applyAsInt(java.lang.Object r2) {
                        /*
                            r1 = this;
                            org.eclipse.jetty.util.ssl.X509 r2 = (org.eclipse.jetty.util.ssl.X509) r2
                            int r0 = org.eclipse.jetty.util.ssl.SslContextFactory.Server.Z2
                            java.util.Set<java.lang.String> r2 = r2.c
                            java.util.Set r2 = java.util.Collections.unmodifiableSet(r2)
                            int r2 = r2.size()
                            return r2
                        */
                        throw new UnsupportedOperationException("Method not decompiled: nxt.i00.applyAsInt(java.lang.Object):int");
                    }
                }
                java.util.Comparator r7 = java.util.Comparator.comparingInt(r7)
                java.util.Optional r4 = r4.min(r7)
                org.eclipse.jetty.util.ssl.b r7 = org.eclipse.jetty.util.ssl.b.s2
                java.util.Optional r4 = r4.map(r7)
                java.lang.Object r4 = r4.orElse(r6)
                java.lang.String r4 = (java.lang.String) r4
                goto L86
            L85:
                r4 = r6
            L86:
                boolean r6 = r5.d()
                if (r6 == 0) goto L99
                java.lang.Object[] r6 = new java.lang.Object[r0]
                java.lang.String r7 = java.lang.String.valueOf(r4)
                r6[r1] = r7
                java.lang.String r7 = "Selected alias={}"
                r5.a(r7, r6)
            L99:
                return r4
            */
            throw new UnsupportedOperationException("Method not decompiled: org.eclipse.jetty.util.ssl.SslContextFactory.Server.V4(java.lang.String, java.security.Principal[], javax.net.ssl.SSLSession, java.lang.String, java.util.Collection):java.lang.String");
        }
    }

    /* loaded from: classes.dex */
    public static class X509ExtendedKeyManagerWrapper extends X509ExtendedKeyManager {
        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            return null;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return null;
        }
    }

    /* loaded from: classes.dex */
    public static class X509ExtendedTrustManagerWrapper extends X509ExtendedTrustManager {
        public final X509ExtendedTrustManager a = null;

        public X509ExtendedTrustManagerWrapper(X509ExtendedTrustManager x509ExtendedTrustManager) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            X509ExtendedTrustManager x509ExtendedTrustManager = this.a;
            if (x509ExtendedTrustManager != null) {
                x509ExtendedTrustManager.checkClientTrusted(x509CertificateArr, str);
            }
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
            X509ExtendedTrustManager x509ExtendedTrustManager = this.a;
            if (x509ExtendedTrustManager != null) {
                x509ExtendedTrustManager.checkClientTrusted(x509CertificateArr, str, socket);
            }
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
            X509ExtendedTrustManager x509ExtendedTrustManager = this.a;
            if (x509ExtendedTrustManager != null) {
                x509ExtendedTrustManager.checkClientTrusted(x509CertificateArr, str, sSLEngine);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            X509ExtendedTrustManager x509ExtendedTrustManager = this.a;
            if (x509ExtendedTrustManager != null) {
                x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str);
            }
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
            X509ExtendedTrustManager x509ExtendedTrustManager = this.a;
            if (x509ExtendedTrustManager != null) {
                x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str, socket);
            }
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
            X509ExtendedTrustManager x509ExtendedTrustManager = this.a;
            if (x509ExtendedTrustManager != null) {
                x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str, sSLEngine);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            X509ExtendedTrustManager x509ExtendedTrustManager = this.a;
            return x509ExtendedTrustManager == null ? new X509Certificate[0] : x509ExtendedTrustManager.getAcceptedIssuers();
        }
    }

    static {
        String str = Log.a;
        Logger b = Log.b(SslContextFactory.class.getName());
        V2 = b;
        W2 = b.b("config");
        X2 = new String[]{"SSL", "SSLv2", "SSLv2Hello", "SSLv3"};
        Y2 = new String[]{"^.*_(MD5|SHA|SHA1)$", "^TLS_RSA_.*$", "^SSL_.*$", "^.*_NULL_.*$", "^.*_anon_.*$"};
    }

    @Deprecated
    public SslContextFactory() {
        this(false);
    }

    @Deprecated
    public SslContextFactory(boolean z) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        this.t2 = linkedHashSet;
        this.u2 = new LinkedHashSet();
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        this.v2 = linkedHashSet2;
        this.w2 = new LinkedHashSet();
        this.x2 = new HashMap();
        this.y2 = new HashMap();
        this.z2 = new HashMap();
        this.B2 = true;
        this.E2 = "JKS";
        this.G2 = "TLS";
        this.H2 = T2;
        this.I2 = U2;
        this.J2 = -1;
        this.K2 = true;
        this.L2 = -1;
        this.M2 = -1;
        this.N2 = "HTTPS";
        this.P2 = true;
        this.Q2 = 5;
        this.O2 = z;
        if (z) {
            this.N2 = null;
        }
        String[] strArr = X2;
        linkedHashSet.clear();
        linkedHashSet.addAll(Arrays.asList(strArr));
        String[] strArr2 = Y2;
        linkedHashSet2.clear();
        linkedHashSet2.addAll(Arrays.asList(strArr2));
    }

    public static X509Certificate[] P4(SslContextFactory sslContextFactory, SSLSession sSLSession) {
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates != null && peerCertificates.length != 0) {
                int length = peerCertificates.length;
                X509Certificate[] x509CertificateArr = new X509Certificate[length];
                CertificateFactory certificateFactory = sslContextFactory != null ? CertificateFactory.getInstance("X.509") : CertificateFactory.getInstance("X.509");
                for (int i = 0; i < length; i++) {
                    x509CertificateArr[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(peerCertificates[i].getEncoded()));
                }
                return x509CertificateArr;
            }
            return null;
        } catch (SSLPeerUnverifiedException unused) {
            return null;
        } catch (Exception e) {
            V2.e("EXCEPTION ", e);
            return null;
        }
    }

    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public void B4() {
        synchronized (this) {
            Q4();
        }
        I4();
    }

    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public void C4() {
        synchronized (this) {
            U4();
        }
    }

    public void I4() {
        SSLEngine createSSLEngine = this.R2.a.createSSLEngine();
        K4(createSSLEngine);
        SSLParameters sSLParameters = createSSLEngine.getSSLParameters();
        for (String str : sSLParameters.getProtocols()) {
            for (String str2 : X2) {
                if (str2.equals(str)) {
                    W2.g("Protocol {} not excluded for {}", str, this);
                }
            }
        }
        for (String str3 : sSLParameters.getCipherSuites()) {
            for (String str4 : Y2) {
                if (str3.matches(str4)) {
                    W2.g("Weak cipher suite {} enabled for {}", str3, this);
                }
            }
        }
    }

    public final void J4() {
        if (u3()) {
            return;
        }
        throw new IllegalStateException("!STARTED: " + this);
    }

    public void K4(SSLEngine sSLEngine) {
        Logger logger = V2;
        if (logger.d()) {
            logger.a("Customize {}", sSLEngine);
        }
        SSLParameters sSLParameters = sSLEngine.getSSLParameters();
        sSLParameters.setEndpointIdentificationAlgorithm(this.N2);
        sSLParameters.setUseCipherSuitesOrder(this.B2);
        if (!this.y2.isEmpty() || !this.z2.isEmpty()) {
            sSLParameters.setSNIMatchers(Collections.singletonList(new AliasSNIMatcher()));
        }
        String[] strArr = this.C2;
        if (strArr != null) {
            sSLParameters.setCipherSuites(strArr);
        }
        String[] strArr2 = this.A2;
        if (strArr2 != null) {
            sSLParameters.setProtocols(strArr2);
        }
        if (!(this instanceof Client)) {
            if (O4()) {
                sSLParameters.setWantClientAuth(true);
            }
            if (M4()) {
                sSLParameters.setNeedClientAuth(true);
            }
        }
        sSLEngine.setSSLParameters(sSLParameters);
    }

    public KeyManager[] L4(KeyStore keyStore) {
        KeyManager[] keyManagerArr = null;
        if (keyStore != null) {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.H2);
            Password password = this.F2;
            keyManagerFactory.init(keyStore, password != null ? password.toString().toCharArray() : null);
            keyManagerArr = keyManagerFactory.getKeyManagers();
            if (keyManagerArr != null) {
                if (this instanceof Server) {
                }
                if (!this.z2.isEmpty() || this.y2.size() > 1 || (this.y2.size() == 1 && this.x2.size() > 1)) {
                    for (int i = 0; i < keyManagerArr.length; i++) {
                        if (keyManagerArr[i] instanceof X509ExtendedKeyManager) {
                            keyManagerArr[i] = S4((X509ExtendedKeyManager) keyManagerArr[i]);
                        }
                    }
                }
            }
        }
        Logger logger = V2;
        if (logger.d()) {
            logger.a("managers={} for {}", keyManagerArr, this);
        }
        return keyManagerArr;
    }

    @ManagedAttribute
    @Deprecated
    public boolean M4() {
        return false;
    }

    public SSLContext N4() {
        SSLContext sSLContext;
        if (!u3()) {
            return null;
        }
        synchronized (this) {
            Factory factory = this.R2;
            if (factory == null) {
                throw new IllegalStateException("SslContextFactory reload failed");
            }
            sSLContext = factory.a;
        }
        return sSLContext;
    }

    @ManagedAttribute
    @Deprecated
    public boolean O4() {
        return false;
    }

    public final void Q4() {
        KeyStore a;
        TrustManager[] trustManagerArr;
        SSLContext sSLContext;
        TrustManager[] trustManagerArr2;
        Resource resource = this.D2;
        KeyStore keyStore = null;
        if (resource == null) {
            if (this.O2) {
                Logger logger = V2;
                if (logger.d()) {
                    logger.a("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!", new Object[0]);
                }
                trustManagerArr2 = S2;
            } else {
                trustManagerArr2 = null;
            }
            SSLContext sSLContext2 = SSLContext.getInstance(this.G2);
            sSLContext2.init(null, trustManagerArr2, null);
            sSLContext = sSLContext2;
            a = null;
        } else {
            KeyStore a2 = CertificateUtils.a(resource, this.E2, null, Objects.toString(this.F2, null));
            a = CertificateUtils.a(this.D2, this.E2, null, Objects.toString(this.F2, null));
            CertificateUtils.b(null);
            if (a2 != null) {
                Iterator it = Collections.list(a2.aliases()).iterator();
                while (it.hasNext()) {
                    String str = (String) it.next();
                    Certificate certificate = a2.getCertificate(str);
                    if (certificate != null && "X.509".equals(certificate.getType())) {
                        X509Certificate x509Certificate = (X509Certificate) certificate;
                        Logger logger2 = X509.e;
                        boolean[] keyUsage = x509Certificate.getKeyUsage();
                        if ((keyUsage == null || keyUsage.length <= 5) ? false : keyUsage[5]) {
                            Logger logger3 = V2;
                            if (logger3.d()) {
                                logger3.a("Skipping " + x509Certificate, new Object[0]);
                            }
                        } else {
                            X509 x509 = new X509(str, x509Certificate);
                            this.x2.put(str, x509);
                            V2.h("x509={} for {}", x509, this);
                            Iterator it2 = Collections.unmodifiableSet(x509.b).iterator();
                            while (it2.hasNext()) {
                                this.y2.put((String) it2.next(), x509);
                            }
                            Iterator it3 = Collections.unmodifiableSet(x509.c).iterator();
                            while (it3.hasNext()) {
                                this.z2.put((String) it3.next(), x509);
                            }
                        }
                    }
                }
            }
            KeyManager[] L4 = L4(a2);
            if (a != null) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.I2);
                trustManagerFactory.init(a);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } else {
                trustManagerArr = null;
            }
            sSLContext = SSLContext.getInstance(this.G2);
            sSLContext.init(L4, trustManagerArr, null);
            keyStore = a2;
        }
        SSLSessionContext serverSessionContext = sSLContext.getServerSessionContext();
        if (serverSessionContext != null) {
            int i = this.L2;
            if (i > -1) {
                serverSessionContext.setSessionCacheSize(i);
            }
            int i2 = this.M2;
            if (i2 > -1) {
                serverSessionContext.setSessionTimeout(i2);
            }
        }
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        SSLParameters supportedSSLParameters = sSLContext.getSupportedSSLParameters();
        String[] cipherSuites = defaultSSLParameters.getCipherSuites();
        String[] cipherSuites2 = supportedSSLParameters.getCipherSuites();
        ArrayList arrayList = (ArrayList) T4("Cipher Suite", cipherSuites, cipherSuites2, this.w2, this.v2);
        if (arrayList.isEmpty()) {
            V2.g("No supported Cipher Suite from {}", Arrays.asList(cipherSuites2));
        }
        this.C2 = (String[]) arrayList.toArray(new String[0]);
        String[] protocols = defaultSSLParameters.getProtocols();
        String[] protocols2 = supportedSSLParameters.getProtocols();
        ArrayList arrayList2 = (ArrayList) T4("Protocols", protocols, protocols2, this.u2, this.t2);
        if (arrayList2.isEmpty()) {
            V2.g("No selected Protocols from {}", Arrays.asList(protocols2));
        }
        this.A2 = (String[]) arrayList2.toArray(new String[0]);
        this.R2 = new Factory(keyStore, a, sSLContext);
        Logger logger4 = V2;
        if (logger4.d()) {
            logger4.a("Selected Protocols {} of {}", Arrays.asList(this.A2), Arrays.asList(supportedSSLParameters.getProtocols()));
            logger4.a("Selected Ciphers   {} of {}", Arrays.asList(this.C2), Arrays.asList(supportedSSLParameters.getCipherSuites()));
        }
    }

    @Override // org.eclipse.jetty.util.component.Dumpable
    public void R3(Appendable appendable, String str) {
        try {
            SSLEngine createSSLEngine = SSLContext.getDefault().createSSLEngine();
            Dumpable.L1(appendable, str, this, "trustAll=" + this.O2, new SslSelectionDump("Protocol", createSSLEngine.getSupportedProtocols(), createSSLEngine.getEnabledProtocols(), (String[]) this.t2.toArray(new String[0]), (String[]) this.u2.toArray(new String[0])), new SslSelectionDump("Cipher Suite", createSSLEngine.getSupportedCipherSuites(), createSSLEngine.getEnabledCipherSuites(), (String[]) this.v2.toArray(new String[0]), (String[]) this.w2.toArray(new String[0])));
        } catch (NoSuchAlgorithmException e) {
            V2.m(e);
        }
    }

    public SSLEngine R4(String str, int i) {
        J4();
        SSLContext N4 = N4();
        SSLEngine createSSLEngine = this.K2 ? N4.createSSLEngine(str, i) : N4.createSSLEngine();
        K4(createSSLEngine);
        return createSSLEngine;
    }

    @Deprecated
    public X509ExtendedKeyManager S4(X509ExtendedKeyManager x509ExtendedKeyManager) {
        throw new IllegalStateException(String.format("KeyStores with multiple certificates are not supported on the base class %s. (Use %s or %s instead)", SslContextFactory.class.getName(), Server.class.getName(), Client.class.getName()));
    }

    public final List<String> T4(String str, String[] strArr, String[] strArr2, Set<String> set, Set<String> set2) {
        ArrayList arrayList = new ArrayList();
        if (set.isEmpty()) {
            arrayList.addAll(Arrays.asList(strArr));
        } else {
            for (String str2 : set) {
                Pattern compile = Pattern.compile(str2);
                boolean z = false;
                for (String str3 : strArr2) {
                    if (compile.matcher(str3).matches()) {
                        arrayList.add(str3);
                        z = true;
                    }
                }
                if (!z) {
                    V2.h("No {} matching '{}' is supported", str, str2);
                }
            }
        }
        Iterator<String> it = set2.iterator();
        while (it.hasNext()) {
            arrayList.removeIf(new b00(Pattern.compile(it.next()), 2));
        }
        return arrayList;
    }

    public final void U4() {
        this.R2 = null;
        this.A2 = null;
        this.C2 = null;
        this.x2.clear();
        this.y2.clear();
        this.z2.clear();
    }

    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public String toString() {
        return String.format("%s@%x[provider=%s,keyStore=%s,trustStore=%s]", getClass().getSimpleName(), Integer.valueOf(hashCode()), null, this.D2, null);
    }
}
