package io.netty.handler.ssl;

import d.a.b.AbstractC0752j;
import d.a.b.InterfaceC0753k;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.AbstractC0928b;
import io.netty.util.ResourceLeakDetector;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes2.dex */
public abstract class Q extends V implements io.netty.util.x {
    private static final List<String> r;
    private static final Integer s;
    protected static final int u = 10;

    /* renamed from: b, reason: collision with root package name */
    protected volatile long f17223b;

    /* renamed from: c, reason: collision with root package name */
    long f17224c;

    /* renamed from: d, reason: collision with root package name */
    private volatile int f17225d;

    /* renamed from: e, reason: collision with root package name */
    private final List<String> f17226e;

    /* renamed from: f, reason: collision with root package name */
    private final long f17227f;
    private final long g;
    private final InterfaceC0923w h;
    private final int i;
    private final io.netty.util.y j;
    private final AbstractC0928b k;
    final Certificate[] l;
    final ClientAuth m;
    final B n;
    volatile boolean o;
    private static final io.netty.util.internal.logging.d p = io.netty.util.internal.logging.e.a((Class<?>) Q.class);

    /* renamed from: q, reason: collision with root package name */
    private static final boolean f17222q = io.netty.util.internal.v.a("jdk.tls.rejectClientInitiatedRenegotiation", false);
    private static final ResourceLeakDetector<Q> t = io.netty.util.z.b().a(Q.class);
    static final InterfaceC0923w v = new b();

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes2.dex */
    class a extends AbstractC0928b {
        a() {
        }

        @Override // io.netty.util.AbstractC0928b
        protected void deallocate() {
            Q.this.s();
            if (Q.this.j != null) {
                Q.this.j.close();
            }
        }

        @Override // io.netty.util.x
        public io.netty.util.x touch(Object obj) {
            if (Q.this.j != null) {
                Q.this.j.a(obj);
            }
            return Q.this;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes2.dex */
    static class b implements InterfaceC0923w {
        b() {
        }

        @Override // io.netty.handler.ssl.InterfaceC0905d
        public List<String> a() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.InterfaceC0923w
        public ApplicationProtocolConfig.SelectorFailureBehavior b() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.InterfaceC0923w
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior c() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }

        @Override // io.netty.handler.ssl.InterfaceC0923w
        public ApplicationProtocolConfig.Protocol protocol() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes2.dex */
    static class c implements PrivilegedAction<String> {
        c() {
        }

        @Override // java.security.PrivilegedAction
        public String run() {
            return io.netty.util.internal.v.b("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class d {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f17229a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f17230b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f17231c = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];

        static {
            try {
                f17231c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f17231c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            f17230b = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            try {
                f17230b[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f17230b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            f17229a = new int[ApplicationProtocolConfig.Protocol.values().length];
            try {
                f17229a[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f17229a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f17229a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f17229a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes2.dex */
    public static abstract class e implements CertificateVerifier {

        /* renamed from: a, reason: collision with root package name */
        private final B f17232a;

        /* JADX INFO: Access modifiers changed from: package-private */
        public e(B b2) {
            this.f17232a = b2;
        }

        public final int a(long j, byte[][] bArr, String str) {
            X509Certificate[] a2 = Q.a(bArr);
            S b2 = this.f17232a.b(j);
            try {
                a(b2, a2, str);
                return 0;
            } catch (Throwable th) {
                Q.p.debug("verification of certificate failed", (Throwable) th);
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("General OpenSslEngine problem");
                sSLHandshakeException.initCause(th);
                b2.A = sSLHandshakeException;
                if (th instanceof OpenSslCertificateException) {
                    return th.errorCode();
                }
                if (th instanceof CertificateExpiredException) {
                    return 10;
                }
                if (th instanceof CertificateNotYetValidException) {
                    return 9;
                }
                return (io.netty.util.internal.p.v() < 7 || !(th instanceof CertificateRevokedException)) ? 1 : 23;
            }
        }

        abstract void a(S s, X509Certificate[] x509CertificateArr, String str) throws Exception;
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes2.dex */
    private static final class f implements B {

        /* renamed from: a, reason: collision with root package name */
        private final Map<Long, S> f17233a;

        private f() {
            this.f17233a = io.netty.util.internal.p.B();
        }

        /* synthetic */ f(a aVar) {
            this();
        }

        @Override // io.netty.handler.ssl.B
        public S a(long j) {
            return this.f17233a.remove(Long.valueOf(j));
        }

        @Override // io.netty.handler.ssl.B
        public void a(S s) {
            this.f17233a.put(Long.valueOf(s.c()), s);
        }

        @Override // io.netty.handler.ssl.B
        public S b(long j) {
            return this.f17233a.get(Long.valueOf(j));
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA");
        r = Collections.unmodifiableList(arrayList);
        if (p.isDebugEnabled()) {
            p.debug("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new c());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    p.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        s = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Q(Iterable<String> iterable, InterfaceC0908g interfaceC0908g, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, boolean z) throws SSLException {
        this(iterable, interfaceC0908g, a(applicationProtocolConfig), j, j2, i, certificateArr, clientAuth, z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public Q(Iterable<String> iterable, InterfaceC0908g interfaceC0908g, InterfaceC0923w interfaceC0923w, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, boolean z) throws SSLException {
        String next;
        this.k = new a();
        ArrayList arrayList = null;
        this.n = new f(0 == true ? 1 : 0);
        C0922v.d();
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.j = z ? t.a((ResourceLeakDetector<Q>) this) : null;
        this.i = i;
        this.m = e() ? (ClientAuth) io.netty.util.internal.n.a(clientAuth, "clientAuth") : ClientAuth.NONE;
        if (i == 1) {
            this.o = f17222q;
        }
        this.l = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String e2 = C0907f.e(next);
                if (e2 != null) {
                    next = e2;
                }
                arrayList.add(next);
            }
        }
        this.f17226e = Arrays.asList(((InterfaceC0908g) io.netty.util.internal.n.a(interfaceC0908g, "cipherFilter")).a(arrayList, r, C0922v.a()));
        this.h = (InterfaceC0923w) io.netty.util.internal.n.a(interfaceC0923w, "apn");
        this.f17224c = Pool.create(0L);
        try {
            synchronized (Q.class) {
                try {
                    try {
                        this.f17223b = SSLContext.make(this.f17224c, 31, i);
                        SSLContext.setOptions(this.f17223b, 4095);
                        SSLContext.setOptions(this.f17223b, 16777216);
                        SSLContext.setOptions(this.f17223b, 33554432);
                        SSLContext.setOptions(this.f17223b, 4194304);
                        SSLContext.setOptions(this.f17223b, 524288);
                        SSLContext.setOptions(this.f17223b, 1048576);
                        SSLContext.setOptions(this.f17223b, 65536);
                        SSLContext.setOptions(this.f17223b, 16384);
                        SSLContext.setMode(this.f17223b, SSLContext.getMode(this.f17223b) | 2);
                        if (s != null) {
                            SSLContext.setTmpDHLength(this.f17223b, s.intValue());
                        }
                        try {
                            try {
                                SSLContext.setCipherSuite(this.f17223b, C0907f.a(this.f17226e));
                                List<String> a2 = interfaceC0923w.a();
                                if (!a2.isEmpty()) {
                                    String[] strArr = (String[]) a2.toArray(new String[a2.size()]);
                                    int a3 = a(interfaceC0923w.b());
                                    int i2 = d.f17229a[interfaceC0923w.protocol().ordinal()];
                                    if (i2 == 1) {
                                        SSLContext.setNpnProtos(this.f17223b, strArr, a3);
                                    } else if (i2 == 2) {
                                        SSLContext.setAlpnProtos(this.f17223b, strArr, a3);
                                    } else {
                                        if (i2 != 3) {
                                            throw new Error();
                                        }
                                        SSLContext.setNpnProtos(this.f17223b, strArr, a3);
                                        SSLContext.setAlpnProtos(this.f17223b, strArr, a3);
                                    }
                                }
                                if (j > 0) {
                                    this.f17227f = j;
                                    SSLContext.setSessionCacheSize(this.f17223b, j);
                                } else {
                                    long sessionCacheSize = SSLContext.setSessionCacheSize(this.f17223b, 20480L);
                                    this.f17227f = sessionCacheSize;
                                    SSLContext.setSessionCacheSize(this.f17223b, sessionCacheSize);
                                }
                                if (j2 > 0) {
                                    this.g = j2;
                                    SSLContext.setSessionCacheTimeout(this.f17223b, j2);
                                } else {
                                    long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.f17223b, 300L);
                                    this.g = sessionCacheTimeout;
                                    SSLContext.setSessionCacheTimeout(this.f17223b, sessionCacheTimeout);
                                }
                            } catch (Exception e3) {
                                throw new SSLException("failed to set cipher suite: " + this.f17226e, e3);
                            }
                        } catch (SSLException e4) {
                            throw e4;
                        }
                    } catch (Exception e5) {
                        throw new SSLException("failed to create an SSL_CTX", e5);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    private static int a(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        int i = d.f17230b[selectorFailureBehavior.ordinal()];
        if (i == 1) {
            return 0;
        }
        if (i == 2) {
            return 1;
        }
        throw new Error();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(InterfaceC0753k interfaceC0753k, M m) throws Exception {
        try {
            AbstractC0752j content = m.content();
            if (content.q1()) {
                return d(content.a2());
            }
            AbstractC0752j e2 = interfaceC0753k.e(content.W1());
            try {
                e2.b(content, content.X1(), content.W1());
                long d2 = d(e2.a2());
                try {
                    if (m.isSensitive()) {
                        a0.a(e2);
                    }
                    return d2;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (m.isSensitive()) {
                        a0.a(e2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            m.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        InterfaceC0753k interfaceC0753k = InterfaceC0753k.f14742a;
        M pem = PemPrivateKey.toPEM(interfaceC0753k, true, privateKey);
        try {
            return a(interfaceC0753k, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        InterfaceC0753k interfaceC0753k = InterfaceC0753k.f14742a;
        M pem = PemX509Certificate.toPEM(interfaceC0753k, true, x509CertificateArr);
        try {
            return a(interfaceC0753k, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static InterfaceC0923w a(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return v;
        }
        int i = d.f17229a[applicationProtocolConfig.a().ordinal()];
        if (i != 1 && i != 2 && i != 3) {
            if (i == 4) {
                return v;
            }
            throw new Error();
        }
        int i2 = d.f17231c[applicationProtocolConfig.b().ordinal()];
        if (i2 != 1 && i2 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " behavior");
        }
        int i3 = d.f17230b[applicationProtocolConfig.c().ordinal()];
        if (i3 == 1 || i3 == 2) {
            return new C0926z(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j2;
        long j3;
        long j4 = 0;
        M m = null;
        try {
            try {
                m = PemX509Certificate.toPEM(InterfaceC0753k.f14742a, true, x509CertificateArr);
                j2 = a(InterfaceC0753k.f14742a, m.retain());
            } catch (Throwable th) {
                th = th;
            }
        } catch (SSLException e2) {
            throw e2;
        } catch (Exception e3) {
            e = e3;
        } catch (Throwable th2) {
            th = th2;
            j2 = 0;
            j3 = 0;
        }
        try {
            long a2 = a(InterfaceC0753k.f14742a, m.retain());
            if (privateKey != null) {
                try {
                    j4 = a(privateKey);
                } catch (SSLException e4) {
                    throw e4;
                } catch (Exception e5) {
                    e = e5;
                    throw new SSLException("failed to set certificate and key", e);
                }
            }
            SSLContext.setCertificateBio(j, j2, j4, str == null ? "" : str);
            SSLContext.setCertificateChainBio(j, a2, false);
            d(j4);
            d(j2);
            d(a2);
            if (m != null) {
                m.release();
            }
        } catch (SSLException e6) {
            throw e6;
        } catch (Exception e7) {
            e = e7;
        } catch (Throwable th3) {
            th = th3;
            j3 = 0;
            d(0L);
            d(j2);
            d(j3);
            if (m != null) {
                m.release();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509KeyManager x509KeyManager) {
        return io.netty.util.internal.p.v() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return io.netty.util.internal.p.v() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    protected static X509Certificate[] a(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr[i] = new L(bArr[i]);
        }
        return x509CertificateArr;
    }

    private static long d(AbstractC0752j abstractC0752j) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int W1 = abstractC0752j.W1();
            if (SSL.writeToBIO(newMemBIO, C0922v.a(abstractC0752j) + abstractC0752j.X1(), W1) == W1) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            abstractC0752j.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void d(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    @Override // io.netty.handler.ssl.V
    public final SSLEngine a(InterfaceC0753k interfaceC0753k) {
        return a(interfaceC0753k, (String) null, -1);
    }

    @Override // io.netty.handler.ssl.V
    public final SSLEngine a(InterfaceC0753k interfaceC0753k, String str, int i) {
        return c(interfaceC0753k, str, i);
    }

    public void a(boolean z) {
        this.o = z;
    }

    @Deprecated
    public final void a(byte[] bArr) {
        j().a(bArr);
    }

    @Override // io.netty.handler.ssl.V
    public InterfaceC0905d b() {
        return this.h;
    }

    @Override // io.netty.handler.ssl.V
    public final List<String> c() {
        return this.f17226e;
    }

    SSLEngine c(InterfaceC0753k interfaceC0753k, String str, int i) {
        return new S(this, interfaceC0753k, str, i, true);
    }

    @Override // io.netty.handler.ssl.V
    public final boolean d() {
        return this.i == 0;
    }

    @Override // io.netty.handler.ssl.V
    public final long g() {
        return this.f17227f;
    }

    @Override // io.netty.handler.ssl.V
    public abstract I j();

    @Override // io.netty.handler.ssl.V
    public final long k() {
        return this.g;
    }

    @Deprecated
    public final long p() {
        return this.f17223b;
    }

    @Override // io.netty.util.x
    public final int refCnt() {
        return this.k.refCnt();
    }

    @Override // io.netty.util.x
    public final boolean release() {
        return this.k.release();
    }

    @Override // io.netty.util.x
    public final boolean release(int i) {
        return this.k.release(i);
    }

    @Override // io.netty.util.x
    public final io.netty.util.x retain() {
        this.k.retain();
        return this;
    }

    @Override // io.netty.util.x
    public final io.netty.util.x retain(int i) {
        this.k.retain(i);
        return this;
    }

    final void s() {
        synchronized (Q.class) {
            if (this.f17223b != 0) {
                SSLContext.free(this.f17223b);
                this.f17223b = 0L;
            }
            if (this.f17224c != 0) {
                Pool.destroy(this.f17224c);
                this.f17224c = 0L;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract E t();

    @Override // io.netty.util.x
    public final io.netty.util.x touch() {
        this.k.touch();
        return this;
    }

    @Override // io.netty.util.x
    public final io.netty.util.x touch(Object obj) {
        this.k.touch(obj);
        return this;
    }

    public final long u() {
        return this.f17223b;
    }

    @Deprecated
    public final J v() {
        return j().b();
    }
}
