package org.bouncycastle.est.jcajce;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.bouncycastle.est.ESTClient;
import org.bouncycastle.est.ESTClientProvider;
import org.bouncycastle.est.ESTClientSourceProvider;
import org.bouncycastle.est.ESTException;
import org.bouncycastle.est.Source;
import org.bouncycastle.util.Strings;

/* loaded from: classes.dex */
public final class b implements ESTClientSourceProvider, ESTClientProvider {

    /* renamed from: a, reason: collision with root package name */
    public final JsseHostnameAuthorizer f4700a;

    /* renamed from: b, reason: collision with root package name */
    public final int f4701b;

    /* renamed from: c, reason: collision with root package name */
    public final ChannelBindingProvider f4702c;

    /* renamed from: d, reason: collision with root package name */
    public final Set f4703d;

    /* renamed from: e, reason: collision with root package name */
    public final Long f4704e;

    /* renamed from: f, reason: collision with root package name */
    public final boolean f4705f;

    /* renamed from: g, reason: collision with root package name */
    public final Object f4706g;

    public b(SSLSocketFactory sSLSocketFactory, JsseHostnameAuthorizer jsseHostnameAuthorizer, int i7, ChannelBindingProvider channelBindingProvider, Set set, Long l6, boolean z6) {
        this.f4706g = sSLSocketFactory;
        this.f4700a = jsseHostnameAuthorizer;
        this.f4701b = i7;
        this.f4702c = channelBindingProvider;
        this.f4703d = set;
        this.f4704e = l6;
        this.f4705f = z6;
    }

    public b(JsseHostnameAuthorizer jsseHostnameAuthorizer, SSLSocketFactoryCreator sSLSocketFactoryCreator, int i7, ChannelBindingProvider channelBindingProvider, Set set, Long l6, boolean z6) {
        this.f4700a = jsseHostnameAuthorizer;
        this.f4706g = sSLSocketFactoryCreator;
        this.f4701b = i7;
        this.f4702c = channelBindingProvider;
        this.f4703d = set;
        this.f4704e = l6;
        this.f4705f = z6;
    }

    @Override // org.bouncycastle.est.ESTClientProvider
    public final boolean isTrusted() {
        return ((SSLSocketFactoryCreator) this.f4706g).isTrusted();
    }

    @Override // org.bouncycastle.est.ESTClientProvider
    public final ESTClient makeClient() {
        try {
            return new a(new b(((SSLSocketFactoryCreator) this.f4706g).createFactory(), this.f4700a, this.f4701b, this.f4702c, this.f4703d, this.f4704e, this.f4705f));
        } catch (Exception e7) {
            throw new ESTException(e7.getMessage(), e7.getCause());
        }
    }

    @Override // org.bouncycastle.est.ESTClientSourceProvider
    public final Source makeSource(String str, int i7) {
        SSLSocket sSLSocket = (SSLSocket) ((SSLSocketFactory) this.f4706g).createSocket(str, i7);
        sSLSocket.setSoTimeout(this.f4701b);
        Set<String> set = this.f4703d;
        if (set != null && !set.isEmpty()) {
            if (this.f4705f) {
                HashSet hashSet = new HashSet();
                String[] supportedCipherSuites = sSLSocket.getSupportedCipherSuites();
                for (int i8 = 0; i8 != supportedCipherSuites.length; i8++) {
                    hashSet.add(supportedCipherSuites[i8]);
                }
                ArrayList arrayList = new ArrayList();
                for (String str2 : set) {
                    if (hashSet.contains(str2)) {
                        arrayList.add(str2);
                    }
                }
                if (arrayList.isEmpty()) {
                    throw new IllegalStateException("No supplied cipher suite is supported by the provider.");
                }
                sSLSocket.setEnabledCipherSuites((String[]) arrayList.toArray(new String[arrayList.size()]));
            } else {
                sSLSocket.setEnabledCipherSuites((String[]) set.toArray(new String[set.size()]));
            }
        }
        sSLSocket.startHandshake();
        JsseHostnameAuthorizer jsseHostnameAuthorizer = this.f4700a;
        if (jsseHostnameAuthorizer != null && !jsseHostnameAuthorizer.verified(str, sSLSocket.getSession())) {
            throw new IOException("Host name could not be verified.");
        }
        String lowerCase = Strings.toLowerCase(sSLSocket.getSession().getCipherSuite());
        if (lowerCase.contains("_des_") || lowerCase.contains("_des40_") || lowerCase.contains("_3des_")) {
            throw new IOException("EST clients must not use DES ciphers");
        }
        if (Strings.toLowerCase(sSLSocket.getSession().getCipherSuite()).contains("null")) {
            throw new IOException("EST clients must not use NULL ciphers");
        }
        if (Strings.toLowerCase(sSLSocket.getSession().getCipherSuite()).contains("anon")) {
            throw new IOException("EST clients must not use anon ciphers");
        }
        if (Strings.toLowerCase(sSLSocket.getSession().getCipherSuite()).contains("export")) {
            throw new IOException("EST clients must not use export ciphers");
        }
        if (sSLSocket.getSession().getProtocol().equalsIgnoreCase("tlsv1")) {
            try {
                sSLSocket.close();
            } catch (Exception unused) {
            }
            throw new IOException("EST clients must not use TLSv1");
        }
        if (jsseHostnameAuthorizer == null || jsseHostnameAuthorizer.verified(str, sSLSocket.getSession())) {
            return new e(sSLSocket, this.f4702c, this.f4704e);
        }
        throw new IOException(o1.a.g("Hostname was not verified: ", str));
    }
}
