package io.grpc.okhttp;

import androidx.core.content.FileProvider$SimplePathStrategy$$ExternalSyntheticOutline0;
import io.grpc.okhttp.internal.ConnectionSpec;
import io.grpc.okhttp.internal.OkHostnameVerifier;
import io.grpc.okhttp.internal.Protocol;
import io.grpc.okhttp.internal.Util;
import java.io.IOException;
import java.net.Socket;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import kotlin.io.CloseableKt;

/* loaded from: classes.dex */
public final class OkHttpTlsUpgrader {
    public static final List<Protocol> TLS_PROTOCOLS = Collections.unmodifiableList(Arrays.asList(Protocol.HTTP_2));

    public static SSLSocket upgrade(SSLSocketFactory sSLSocketFactory, HostnameVerifier hostnameVerifier, Socket socket, String str, int i, ConnectionSpec connectionSpec) throws IOException {
        CloseableKt.checkNotNull(sSLSocketFactory, "sslSocketFactory");
        CloseableKt.checkNotNull(socket, "socket");
        CloseableKt.checkNotNull(connectionSpec, "spec");
        SSLSocket sSLSocket = (SSLSocket) sSLSocketFactory.createSocket(socket, str, i, true);
        String[] strArr = connectionSpec.cipherSuites != null ? (String[]) Util.intersect(String.class, connectionSpec.cipherSuites, sSLSocket.getEnabledCipherSuites()) : null;
        String[] strArr2 = (String[]) Util.intersect(String.class, connectionSpec.tlsVersions, sSLSocket.getEnabledProtocols());
        ConnectionSpec.Builder builder = new ConnectionSpec.Builder(connectionSpec);
        if (!builder.tls) {
            throw new IllegalStateException("no cipher suites for cleartext connections");
        }
        if (strArr == null) {
            builder.cipherSuites = null;
        } else {
            builder.cipherSuites = (String[]) strArr.clone();
        }
        if (!builder.tls) {
            throw new IllegalStateException("no TLS versions for cleartext connections");
        }
        if (strArr2 == null) {
            builder.tlsVersions = null;
        } else {
            builder.tlsVersions = (String[]) strArr2.clone();
        }
        ConnectionSpec build = builder.build();
        sSLSocket.setEnabledProtocols(build.tlsVersions);
        String[] strArr3 = build.cipherSuites;
        if (strArr3 != null) {
            sSLSocket.setEnabledCipherSuites(strArr3);
        }
        String negotiate = OkHttpProtocolNegotiator.NEGOTIATOR.negotiate(sSLSocket, str, connectionSpec.supportsTlsExtensions ? TLS_PROTOCOLS : null);
        List<Protocol> list = TLS_PROTOCOLS;
        Protocol protocol = Protocol.HTTP_1_0;
        if (!negotiate.equals("http/1.0")) {
            protocol = Protocol.HTTP_1_1;
            if (!negotiate.equals("http/1.1")) {
                protocol = Protocol.HTTP_2;
                if (!negotiate.equals("h2")) {
                    protocol = Protocol.SPDY_3;
                    if (!negotiate.equals("spdy/3.1")) {
                        throw new IOException(FileProvider$SimplePathStrategy$$ExternalSyntheticOutline0.m("Unexpected protocol: ", negotiate));
                    }
                }
            }
        }
        CloseableKt.checkState(list.contains(protocol), "Only " + list + " are supported, but negotiated protocol is %s", negotiate);
        if (hostnameVerifier == null) {
            hostnameVerifier = OkHostnameVerifier.INSTANCE;
        }
        if (hostnameVerifier.verify((str.startsWith("[") && str.endsWith("]")) ? str.substring(1, str.length() - 1) : str, sSLSocket.getSession())) {
            return sSLSocket;
        }
        throw new SSLPeerUnverifiedException(FileProvider$SimplePathStrategy$$ExternalSyntheticOutline0.m("Cannot verify hostname: ", str));
    }
}
