package okhttp3; import java.util.Arrays; import java.util.List; import javax.net.ssl.SSLSocket; import okhttp3.internal.Util; /* loaded from: classes2.dex */ public final class ConnectionSpec { final String[] cipherSuites; final boolean supportsTlsExtensions; final boolean tls; final String[] tlsVersions; private static final CipherSuite[] RESTRICTED_CIPHER_SUITES = {CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}; private static final CipherSuite[] APPROVED_CIPHER_SUITES = {CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA, CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA}; public static final ConnectionSpec RESTRICTED_TLS = new Builder(true).cipherSuites(RESTRICTED_CIPHER_SUITES).tlsVersions(TlsVersion.TLS_1_2).supportsTlsExtensions(true).build(); public static final ConnectionSpec MODERN_TLS = new Builder(true).cipherSuites(APPROVED_CIPHER_SUITES).tlsVersions(TlsVersion.TLS_1_2, TlsVersion.TLS_1_1, TlsVersion.TLS_1_0).supportsTlsExtensions(true).build(); public static final ConnectionSpec COMPATIBLE_TLS = new Builder(MODERN_TLS).tlsVersions(TlsVersion.TLS_1_0).supportsTlsExtensions(true).build(); public static final ConnectionSpec CLEARTEXT = new Builder(false).build(); ConnectionSpec(Builder builder) { this.tls = builder.tls; this.cipherSuites = builder.cipherSuites; this.tlsVersions = builder.tlsVersions; this.supportsTlsExtensions = builder.supportsTlsExtensions; } private ConnectionSpec supportedSpec(SSLSocket sSLSocket, boolean z) { String[] intersect = this.cipherSuites != null ? Util.intersect(CipherSuite.ORDER_BY_NAME, sSLSocket.getEnabledCipherSuites(), this.cipherSuites) : sSLSocket.getEnabledCipherSuites(); String[] intersect2 = this.tlsVersions != null ? Util.intersect(Util.NATURAL_ORDER, sSLSocket.getEnabledProtocols(), this.tlsVersions) : sSLSocket.getEnabledProtocols(); String[] supportedCipherSuites = sSLSocket.getSupportedCipherSuites(); int indexOf = Util.indexOf(CipherSuite.ORDER_BY_NAME, supportedCipherSuites, "TLS_FALLBACK_SCSV"); if (z && indexOf != -1) { intersect = Util.concat(intersect, supportedCipherSuites[indexOf]); } return new Builder(this).cipherSuites(intersect).tlsVersions(intersect2).build(); } void apply(SSLSocket sSLSocket, boolean z) { ConnectionSpec supportedSpec = supportedSpec(sSLSocket, z); String[] strArr = supportedSpec.tlsVersions; if (strArr != null) { sSLSocket.setEnabledProtocols(strArr); } String[] strArr2 = supportedSpec.cipherSuites; if (strArr2 != null) { sSLSocket.setEnabledCipherSuites(strArr2); } } public List cipherSuites() { String[] strArr = this.cipherSuites; if (strArr != null) { return CipherSuite.forJavaNames(strArr); } return null; } public boolean equals(Object obj) { if (!(obj instanceof ConnectionSpec)) { return false; } if (obj == this) { return true; } ConnectionSpec connectionSpec = (ConnectionSpec) obj; boolean z = this.tls; if (z != connectionSpec.tls) { return false; } return !z || (Arrays.equals(this.cipherSuites, connectionSpec.cipherSuites) && Arrays.equals(this.tlsVersions, connectionSpec.tlsVersions) && this.supportsTlsExtensions == connectionSpec.supportsTlsExtensions); } public int hashCode() { if (this.tls) { return ((((527 + Arrays.hashCode(this.cipherSuites)) * 31) + Arrays.hashCode(this.tlsVersions)) * 31) + (!this.supportsTlsExtensions ? 1 : 0); } return 17; } public boolean isCompatible(SSLSocket sSLSocket) { if (!this.tls) { return false; } String[] strArr = this.tlsVersions; if (strArr != null && !Util.nonEmptyIntersection(Util.NATURAL_ORDER, strArr, sSLSocket.getEnabledProtocols())) { return false; } String[] strArr2 = this.cipherSuites; return strArr2 == null || Util.nonEmptyIntersection(CipherSuite.ORDER_BY_NAME, strArr2, sSLSocket.getEnabledCipherSuites()); } public boolean isTls() { return this.tls; } public boolean supportsTlsExtensions() { return this.supportsTlsExtensions; } public List tlsVersions() { String[] strArr = this.tlsVersions; if (strArr != null) { return TlsVersion.forJavaNames(strArr); } return null; } public String toString() { if (!this.tls) { return "ConnectionSpec()"; } return "ConnectionSpec(cipherSuites=" + (this.cipherSuites != null ? cipherSuites().toString() : "[all enabled]") + ", tlsVersions=" + (this.tlsVersions != null ? tlsVersions().toString() : "[all enabled]") + ", supportsTlsExtensions=" + this.supportsTlsExtensions + ")"; } public static final class Builder { String[] cipherSuites; boolean supportsTlsExtensions; boolean tls; String[] tlsVersions; Builder(boolean z) { this.tls = z; } public Builder allEnabledCipherSuites() { if (!this.tls) { throw new IllegalStateException("no cipher suites for cleartext connections"); } this.cipherSuites = null; return this; } public Builder allEnabledTlsVersions() { if (!this.tls) { throw new IllegalStateException("no TLS versions for cleartext connections"); } this.tlsVersions = null; return this; } public ConnectionSpec build() { return new ConnectionSpec(this); } public Builder cipherSuites(CipherSuite... cipherSuiteArr) { if (!this.tls) { throw new IllegalStateException("no cipher suites for cleartext connections"); } String[] strArr = new String[cipherSuiteArr.length]; for (int i = 0; i < cipherSuiteArr.length; i++) { strArr[i] = cipherSuiteArr[i].javaName; } return cipherSuites(strArr); } public Builder supportsTlsExtensions(boolean z) { if (!this.tls) { throw new IllegalStateException("no TLS extensions for cleartext connections"); } this.supportsTlsExtensions = z; return this; } public Builder tlsVersions(TlsVersion... tlsVersionArr) { if (!this.tls) { throw new IllegalStateException("no TLS versions for cleartext connections"); } String[] strArr = new String[tlsVersionArr.length]; for (int i = 0; i < tlsVersionArr.length; i++) { strArr[i] = tlsVersionArr[i].javaName; } return tlsVersions(strArr); } public Builder(ConnectionSpec connectionSpec) { this.tls = connectionSpec.tls; this.cipherSuites = connectionSpec.cipherSuites; this.tlsVersions = connectionSpec.tlsVersions; this.supportsTlsExtensions = connectionSpec.supportsTlsExtensions; } public Builder cipherSuites(String... strArr) { if (this.tls) { if (strArr.length != 0) { this.cipherSuites = (String[]) strArr.clone(); return this; } throw new IllegalArgumentException("At least one cipher suite is required"); } throw new IllegalStateException("no cipher suites for cleartext connections"); } public Builder tlsVersions(String... strArr) { if (this.tls) { if (strArr.length != 0) { this.tlsVersions = (String[]) strArr.clone(); return this; } throw new IllegalArgumentException("At least one TLS version is required"); } throw new IllegalStateException("no TLS versions for cleartext connections"); } } }