package org.apache.hc.client5.http.ssl;

import hypertest.org.slf4j.Logger;
import hypertest.org.slf4j.LoggerFactory;
import java.net.SocketAddress;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import org.apache.hc.core5.annotation.Contract;
import org.apache.hc.core5.annotation.ThreadingBehavior;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
import org.apache.hc.core5.http.ssl.TLS;
import org.apache.hc.core5.http.ssl.TlsCiphers;
import org.apache.hc.core5.http2.HttpVersionPolicy;
import org.apache.hc.core5.http2.ssl.ApplicationProtocol;
import org.apache.hc.core5.http2.ssl.H2TlsSupport;
import org.apache.hc.core5.net.NamedEndpoint;
import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
import org.apache.hc.core5.reactor.ssl.TlsDetails;
import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
import org.apache.hc.core5.util.Args;
import org.apache.hc.core5.util.Timeout;

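/**
 * Base class for client-side TLS strategies used on the asynchronous (reactor) transport.
 *
 * <p>{@link #upgrade} starts TLS on a {@link TransportSecurityLayer} with the configured
 * {@link SSLContext} and installs two callbacks:
 * <ul>
 *   <li>an {@link SSLSessionInitializer} that selects protocol versions, cipher suites and
 *       application protocols on the {@link SSLEngine} before the handshake;</li>
 *   <li>an {@link SSLSessionVerifier} that calls {@link #verifySession} and then refuses
 *       HTTP/2 over a cipher suite that {@code TlsCiphers.isH2Blacklisted} rejects.</li>
 * </ul>
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>An explicit protocol or cipher suite list passed to the constructor is applied as
 *       given; neither {@code TLS.excludeWeak} nor {@code TlsCiphers.excludeH2Blacklisted}
 *       is applied to it.</li>
 *   <li>Without an explicit protocol list, {@code TLS.excludeWeak} is applied to the engine
 *       defaults only when the version policy is not {@code FORCE_HTTP_1}.</li>
 *   <li>Without an explicit cipher suite list, the engine defaults are filtered only when
 *       the policy is {@code FORCE_HTTP_2}; for other policies the HTTP/2 cipher check
 *       happens after the handshake, in the verifier.</li>
 * </ul>
 *
 * <p>The protocol and cipher suite arrays are copied on construction so that the instance
 * does not share mutable state with its creator, in line with the STATELESS contract.
 */
@Contract(threading = ThreadingBehavior.STATELESS)
/* loaded from: input_file:org/apache/hc/client5/http/ssl/AbstractClientTlsStrategy.classdata */
abstract class AbstractClientTlsStrategy implements TlsStrategy {
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final SSLContext sslContext;
    // Explicit protocol versions to enable, or null to derive them from the engine defaults.
    private final String[] supportedProtocols;
    // Explicit cipher suites to enable, or null to derive them from the engine defaults.
    private final String[] supportedCipherSuites;
    private final SSLBufferMode sslBufferManagement;
    private final HostnameVerifier hostnameVerifier;
    private final TlsSessionValidator tlsSessionValidator;

    /**
     * Creates the strategy.
     *
     * @param sSLContext       SSL context handed to {@code startTls}; checked with
     *                         {@code Args.notNull}
     * @param strArr           protocol versions to enable, or {@code null} to use the engine
     *                         defaults (filtered as described on the class); copied
     * @param strArr2          cipher suites to enable, or {@code null} to use the engine
     *                         defaults (filtered as described on the class); copied
     * @param sSLBufferMode    buffer mode, or {@code null} for {@code SSLBufferMode.STATIC}
     * @param hostnameVerifier verifier passed to the session validator, or {@code null} for
     *                         {@code HttpsSupport.getDefaultHostnameVerifier()}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractClientTlsStrategy(SSLContext sSLContext, String[] strArr, String[] strArr2, SSLBufferMode sSLBufferMode, HostnameVerifier hostnameVerifier) {
        this.sslContext = (SSLContext) Args.notNull(sSLContext, "SSL context");
        // Defensive copies: a later write to the caller's array must not change which
        // protocol versions or cipher suites this strategy enables on new connections.
        this.supportedProtocols = strArr != null ? strArr.clone() : null;
        this.supportedCipherSuites = strArr2 != null ? strArr2.clone() : null;
        this.sslBufferManagement = sSLBufferMode != null ? sSLBufferMode : SSLBufferMode.STATIC;
        // NOTE(review): a caller-supplied verifier is used as is; this class adds no hostname
        // check of its own on top of it. What TlsSessionValidator does with it is not shown here.
        this.hostnameVerifier = hostnameVerifier != null ? hostnameVerifier : HttpsSupport.getDefaultHostnameVerifier();
        this.tlsSessionValidator = new TlsSessionValidator(this.log);
    }

    /**
     * Starts TLS on the given transport layer.
     *
     * <p>The address arguments are not used by this implementation. The return value is
     * always {@code true}; it does not report the handshake outcome. A rejected session is
     * reported by the verifier callback throwing {@link SSLException}.
     *
     * @param transportSecurityLayer layer on which {@code startTls} is called
     * @param httpHost               target host; its host name is the name passed to
     *                               {@link #verifySession}
     * @param socketAddress          unused
     * @param socketAddress2         unused
     * @param obj                    attachment; an {@link HttpVersionPolicy} selects the
     *                               policy, anything else means {@code NEGOTIATE}
     * @param timeout                passed through to {@code startTls}
     * @return always {@code true}
     */
    @Override // org.apache.hc.core5.http.nio.ssl.TlsStrategy
    public boolean upgrade(TransportSecurityLayer transportSecurityLayer, final HttpHost httpHost, SocketAddress socketAddress, SocketAddress socketAddress2, final Object obj, Timeout timeout) {
        transportSecurityLayer.startTls(this.sslContext, httpHost, this.sslBufferManagement, new SSLSessionInitializer() { // from class: org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.1
            @Override // org.apache.hc.core5.reactor.ssl.SSLSessionInitializer
            public void initialize(NamedEndpoint namedEndpoint, SSLEngine sSLEngine) {
                HttpVersionPolicy httpVersionPolicy = obj instanceof HttpVersionPolicy ? (HttpVersionPolicy) obj : HttpVersionPolicy.NEGOTIATE;
                SSLParameters sSLParameters = sSLEngine.getSSLParameters();
                if (AbstractClientTlsStrategy.this.supportedProtocols != null) {
                    // Explicit list wins and is not filtered.
                    sSLParameters.setProtocols(AbstractClientTlsStrategy.this.supportedProtocols);
                } else if (httpVersionPolicy != HttpVersionPolicy.FORCE_HTTP_1) {
                    sSLParameters.setProtocols(TLS.excludeWeak(sSLParameters.getProtocols()));
                }
                // NOTE(review): with FORCE_HTTP_1 and no explicit list the engine's default
                // protocol versions are kept unfiltered; deployments that need a minimum TLS
                // version on that path should pass an explicit protocol list.
                if (AbstractClientTlsStrategy.this.supportedCipherSuites != null) {
                    // Explicit list wins and is not filtered.
                    sSLParameters.setCipherSuites(AbstractClientTlsStrategy.this.supportedCipherSuites);
                } else if (httpVersionPolicy == HttpVersionPolicy.FORCE_HTTP_2) {
                    sSLParameters.setCipherSuites(TlsCiphers.excludeH2Blacklisted(sSLParameters.getCipherSuites()));
                }
                if (httpVersionPolicy != HttpVersionPolicy.FORCE_HTTP_1) {
                    H2TlsSupport.setEnableRetransmissions(sSLParameters, false);
                }
                AbstractClientTlsStrategy.this.applyParameters(sSLEngine, sSLParameters, H2TlsSupport.selectApplicationProtocols(obj));
                // Runs after the parameters are applied, so an override sees (and can change)
                // the final engine configuration.
                AbstractClientTlsStrategy.this.initializeEngine(sSLEngine);
                if (AbstractClientTlsStrategy.this.log.isDebugEnabled()) {
                    AbstractClientTlsStrategy.this.log.debug("Enabled protocols: " + Arrays.asList(sSLEngine.getEnabledProtocols()));
                    AbstractClientTlsStrategy.this.log.debug("Enabled cipher suites:" + Arrays.asList(sSLEngine.getEnabledCipherSuites()));
                }
            }
        }, new SSLSessionVerifier() { // from class: org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.2
            @Override // org.apache.hc.core5.reactor.ssl.SSLSessionVerifier
            public TlsDetails verify(NamedEndpoint namedEndpoint, SSLEngine sSLEngine) throws SSLException {
                // The name checked is the target host's name from upgrade(), not namedEndpoint.
                AbstractClientTlsStrategy.this.verifySession(httpHost.getHostName(), sSLEngine.getSession());
                TlsDetails createTlsDetails = AbstractClientTlsStrategy.this.createTlsDetails(sSLEngine);
                String cipherSuite = sSLEngine.getSession().getCipherSuite();
                // Post-handshake guard: covers the case where HTTP/2 was negotiated although
                // the cipher suites were not filtered up front (explicit list or NEGOTIATE).
                // It is skipped when createTlsDetails returns null.
                if (createTlsDetails != null && ApplicationProtocol.HTTP_2.id.equals(createTlsDetails.getApplicationProtocol()) && TlsCiphers.isH2Blacklisted(cipherSuite)) {
                    throw new SSLHandshakeException("Cipher suite `" + cipherSuite + "` does not provide adequate security for HTTP/2");
                }
                return createTlsDetails;
            }
        }, timeout);
        return true;
    }

    /**
     * Applies the prepared parameters and the selected application protocols to the engine.
     *
     * @param sSLEngine     engine being configured
     * @param sSLParameters parameters prepared by {@link #upgrade}
     * @param strArr        result of {@code H2TlsSupport.selectApplicationProtocols}
     */
    abstract void applyParameters(SSLEngine sSLEngine, SSLParameters sSLParameters, String[] strArr);

    /**
     * Builds the TLS details returned from the verifier callback.
     *
     * @param sSLEngine engine after the handshake
     * @return the details; when {@code null}, the HTTP/2 cipher suite check in
     *         {@link #upgrade} is skipped
     */
    abstract TlsDetails createTlsDetails(SSLEngine sSLEngine);

    /**
     * Extension hook called after {@link #applyParameters}; does nothing by default.
     *
     * @param sSLEngine engine whose parameters have already been applied
     */
    protected void initializeEngine(SSLEngine sSLEngine) {
    }

    /**
     * Verifies the negotiated session by delegating to the {@code TlsSessionValidator} with
     * the configured {@link HostnameVerifier}.
     *
     * <p>NOTE(review): an override that returns without delegating removes this check for
     * every connection that uses the strategy.
     *
     * @param str        host name the session is checked against
     * @param sSLSession negotiated session
     * @throws SSLException if the validator rejects the session
     */
    protected void verifySession(String str, SSLSession sSLSession) throws SSLException {
        this.tlsSessionValidator.verifySession(str, sSLSession, this.hostnameVerifier);
    }
}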
