package io.grpc.okhttp;

import androidx.appcompat.R$string;
import io.grpc.okhttp.internal.ConnectionSpec;
import io.grpc.okhttp.internal.OkHostnameVerifier;
import io.grpc.okhttp.internal.Protocol;
import io.grpc.okhttp.internal.Util;
import java.io.IOException;
import java.net.Socket;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: classes2.dex */
public final class OkHttpTlsUpgrader {
    public static final List<Protocol> TLS_PROTOCOLS = Collections.unmodifiableList(Arrays.asList(Protocol.HTTP_2));

    public static SSLSocket upgrade(SSLSocketFactory sSLSocketFactory, HostnameVerifier hostnameVerifier, Socket socket, String str, int i, ConnectionSpec connectionSpec) throws IOException {
        Protocol protocol;
        R$string.checkNotNull(sSLSocketFactory, "sslSocketFactory");
        R$string.checkNotNull(socket, "socket");
        R$string.checkNotNull(connectionSpec, "spec");
        SSLSocket sSLSocket = (SSLSocket) sSLSocketFactory.createSocket(socket, str, i, true);
        String[] strArr = connectionSpec.cipherSuites;
        String[] strArr2 = strArr != null ? (String[]) Util.intersect(strArr, sSLSocket.getEnabledCipherSuites()) : null;
        String[] strArr3 = (String[]) Util.intersect(connectionSpec.tlsVersions, sSLSocket.getEnabledProtocols());
        ConnectionSpec.Builder builder = new ConnectionSpec.Builder(connectionSpec);
        boolean z = builder.tls;
        if (!z) {
            throw new IllegalStateException("no cipher suites for cleartext connections");
        }
        if (strArr2 == null) {
            builder.cipherSuites = null;
        } else {
            builder.cipherSuites = (String[]) strArr2.clone();
        }
        if (!z) {
            throw new IllegalStateException("no TLS versions for cleartext connections");
        }
        if (strArr3 == null) {
            builder.tlsVersions = null;
        } else {
            builder.tlsVersions = (String[]) strArr3.clone();
        }
        ConnectionSpec connectionSpec2 = new ConnectionSpec(builder);
        sSLSocket.setEnabledProtocols(connectionSpec2.tlsVersions);
        String[] strArr4 = connectionSpec2.cipherSuites;
        if (strArr4 != null) {
            sSLSocket.setEnabledCipherSuites(strArr4);
        }
        OkHttpProtocolNegotiator okHttpProtocolNegotiator = OkHttpProtocolNegotiator.NEGOTIATOR;
        boolean z2 = connectionSpec.supportsTlsExtensions;
        List<Protocol> list = TLS_PROTOCOLS;
        String negotiate = okHttpProtocolNegotiator.negotiate(sSLSocket, str, z2 ? list : null);
        if (negotiate.equals("http/1.0")) {
            protocol = Protocol.HTTP_1_0;
        } else if (negotiate.equals("http/1.1")) {
            protocol = Protocol.HTTP_1_1;
        } else if (negotiate.equals("h2")) {
            protocol = Protocol.HTTP_2;
        } else {
            if (!negotiate.equals("spdy/3.1")) {
                throw new IOException("Unexpected protocol: ".concat(negotiate));
            }
            protocol = Protocol.SPDY_3;
        }
        R$string.checkState(negotiate, "Only " + list + " are supported, but negotiated protocol is %s", list.contains(protocol));
        if (hostnameVerifier == null) {
            hostnameVerifier = OkHostnameVerifier.INSTANCE;
        }
        if (hostnameVerifier.verify((str.startsWith("[") && str.endsWith("]")) ? str.substring(1, str.length() - 1) : str, sSLSocket.getSession())) {
            return sSLSocket;
        }
        throw new SSLPeerUnverifiedException("Cannot verify hostname: ".concat(str));
    }
}
