package io.netty.handler.ssl;

import defpackage.rbd;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.internal.PlatformDependent;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: classes5.dex */
public abstract class i0 extends k0 implements io.netty.util.o {
    private static final List<String> w;
    private static final Integer x;
    protected volatile long c;
    long f;
    private final List<String> l;
    private final t m;
    private final int n;
    private final io.netty.util.p o;
    private final io.netty.util.b p;
    final Certificate[] q;
    final ClientAuth r;
    final y s;
    volatile boolean t;
    private static final io.netty.util.internal.logging.b u = io.netty.util.internal.logging.c.a(i0.class);
    private static final boolean v = ((Boolean) AccessController.doPrivileged(new a())).booleanValue();
    private static final ResourceLeakDetector<i0> y = io.netty.util.q.b().c(i0.class, 128, Long.MAX_VALUE);
    static final t z = new c();

    /* loaded from: classes5.dex */
    static class a implements PrivilegedAction<Boolean> {
        a() {
        }

        @Override // java.security.PrivilegedAction
        public Boolean run() {
            return Boolean.valueOf(io.netty.util.internal.p.c("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    }

    /* loaded from: classes5.dex */
    class b extends io.netty.util.b {
        b() {
        }

        @Override // io.netty.util.b
        protected void a() {
            i0.this.s();
            if (i0.this.o != null) {
                i0.this.o.close();
            }
        }

        @Override // io.netty.util.o
        public io.netty.util.o y(Object obj) {
            if (i0.this.o != null) {
                i0.this.o.a(obj);
            }
            return i0.this;
        }
    }

    /* loaded from: classes5.dex */
    static class c implements t {
        c() {
        }

        @Override // io.netty.handler.ssl.t
        public ApplicationProtocolConfig.SelectorFailureBehavior a() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.t
        public ApplicationProtocolConfig.Protocol b() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }

        @Override // io.netty.handler.ssl.a
        public List<String> c() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.t
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior e() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }
    }

    /* loaded from: classes5.dex */
    static class d implements PrivilegedAction<String> {
        d() {
        }

        @Override // java.security.PrivilegedAction
        public String run() {
            return io.netty.util.internal.p.a("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public static abstract class e implements CertificateVerifier {
        /* JADX INFO: Access modifiers changed from: package-private */
        public e(y yVar) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes5.dex */
    public static final class f implements y {
        private final Map<Long, ReferenceCountedOpenSslEngine> a = PlatformDependent.Q();

        private f() {
        }

        f(a aVar) {
        }

        public void a(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            this.a.put(Long.valueOf(referenceCountedOpenSslEngine.K()), referenceCountedOpenSslEngine);
        }

        public ReferenceCountedOpenSslEngine b(long j) {
            return this.a.remove(Long.valueOf(j));
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        w = Collections.unmodifiableList(arrayList);
        if (u.c()) {
            u.p("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new d());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    u.p("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        x = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public i0(Iterable<String> iterable, io.netty.handler.ssl.d dVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, boolean z2, boolean z3) {
        this(iterable, dVar, F(applicationProtocolConfig), j, j2, i, certificateArr, clientAuth, z2, z3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public i0(Iterable<String> iterable, io.netty.handler.ssl.d dVar, t tVar, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, boolean z2, boolean z3) {
        super(z2);
        ClientAuth clientAuth2;
        int i2;
        String next;
        this.p = new b();
        ArrayList arrayList = null;
        this.s = new f(null);
        r.b();
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.o = z3 ? y.i(this) : null;
        this.n = i;
        if (e()) {
            rbd.o(clientAuth, "clientAuth");
            clientAuth2 = clientAuth;
        } else {
            clientAuth2 = ClientAuth.NONE;
        }
        this.r = clientAuth2;
        if (i == 1) {
            this.t = v;
        }
        this.q = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String c2 = io.netty.handler.ssl.c.c(next);
                if (c2 != null) {
                    next = c2;
                }
                arrayList.add(next);
            }
        }
        rbd.o(dVar, "cipherFilter");
        this.l = Arrays.asList(dVar.a(arrayList, w, r.a()));
        rbd.o(tVar, "apn");
        this.m = tVar;
        this.f = Pool.create(0L);
        try {
            synchronized (i0.class) {
                try {
                    try {
                        this.c = SSLContext.make(this.f, 31, i);
                        SSLContext.setOptions(this.c, 4095);
                        SSLContext.setOptions(this.c, 16777216);
                        SSLContext.setOptions(this.c, 33554432);
                        SSLContext.setOptions(this.c, 4194304);
                        SSLContext.setOptions(this.c, 524288);
                        SSLContext.setOptions(this.c, 1048576);
                        SSLContext.setOptions(this.c, 65536);
                        SSLContext.setOptions(this.c, 16384);
                        SSLContext.setMode(this.c, SSLContext.getMode(this.c) | 2);
                        if (x != null) {
                            SSLContext.setTmpDHLength(this.c, x.intValue());
                        }
                        try {
                            try {
                                SSLContext.setCipherSuite(this.c, io.netty.handler.ssl.c.b(this.l));
                                List<String> c3 = tVar.c();
                                if (!c3.isEmpty()) {
                                    String[] strArr = (String[]) c3.toArray(new String[c3.size()]);
                                    int ordinal = tVar.a().ordinal();
                                    if (ordinal == 1) {
                                        i2 = 0;
                                    } else {
                                        if (ordinal != 2) {
                                            throw new Error();
                                        }
                                        i2 = 1;
                                    }
                                    int ordinal2 = tVar.b().ordinal();
                                    if (ordinal2 == 1) {
                                        SSLContext.setNpnProtos(this.c, strArr, i2);
                                    } else if (ordinal2 == 2) {
                                        SSLContext.setAlpnProtos(this.c, strArr, i2);
                                    } else {
                                        if (ordinal2 != 3) {
                                            throw new Error();
                                        }
                                        SSLContext.setNpnProtos(this.c, strArr, i2);
                                        SSLContext.setAlpnProtos(this.c, strArr, i2);
                                    }
                                }
                                if (j > 0) {
                                    SSLContext.setSessionCacheSize(this.c, j);
                                } else {
                                    SSLContext.setSessionCacheSize(this.c, SSLContext.setSessionCacheSize(this.c, 20480L));
                                }
                                if (j2 > 0) {
                                    SSLContext.setSessionCacheTimeout(this.c, j2);
                                } else {
                                    SSLContext.setSessionCacheTimeout(this.c, SSLContext.setSessionCacheTimeout(this.c, 300L));
                                }
                            } catch (SSLException e2) {
                                throw e2;
                            }
                        } catch (Exception e3) {
                            throw new SSLException("failed to set cipher suite: " + this.l, e3);
                        }
                    } catch (Exception e4) {
                        throw new SSLException("failed to create an SSL_CTX", e4);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            d();
            throw th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void B(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) {
        long j2;
        long j3;
        long j4 = 0;
        f0 f0Var = null;
        try {
            try {
                f0Var = PemX509Certificate.b(io.netty.buffer.k.a, true, x509CertificateArr);
                j3 = C(io.netty.buffer.k.a, f0Var.f());
                try {
                    long C = C(io.netty.buffer.k.a, f0Var.f());
                    if (privateKey != null) {
                        try {
                            j4 = D(privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j2 = C;
                            t(j4);
                            t(j3);
                            t(j2);
                            if (f0Var != null) {
                                f0Var.d();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, j3, j4, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j, C, true);
                        t(j4);
                        t(j3);
                        t(C);
                        f0Var.d();
                    } catch (SSLException e4) {
                    } catch (Exception e5) {
                        e = e5;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e6) {
                } catch (Exception e7) {
                    e = e7;
                } catch (Throwable th2) {
                    th = th2;
                    j2 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e8) {
            throw e8;
        } catch (Exception e9) {
            e = e9;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long C(io.netty.buffer.k kVar, f0 f0Var) {
        try {
            io.netty.buffer.j content = f0Var.content();
            if (content.F0()) {
                return x(content.q1());
            }
            io.netty.buffer.j j = kVar.j(content.l1());
            try {
                j.P1(content, content.m1(), content.l1());
                long x2 = x(j.q1());
                try {
                    if (f0Var.v()) {
                        io.netty.handler.ssl.b.b(j);
                    }
                    return x2;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (f0Var.v()) {
                        io.netty.handler.ssl.b.b(j);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            f0Var.d();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long D(PrivateKey privateKey) {
        io.netty.buffer.k kVar = io.netty.buffer.k.a;
        f0 g = PemPrivateKey.g(kVar, true, privateKey);
        try {
            return C(kVar, g.f());
        } finally {
            g.d();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long E(X509Certificate... x509CertificateArr) {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        io.netty.buffer.k kVar = io.netty.buffer.k.a;
        f0 b2 = PemX509Certificate.b(kVar, true, x509CertificateArr);
        try {
            return C(kVar, b2.f());
        } finally {
            b2.d();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static t F(ApplicationProtocolConfig applicationProtocolConfig) {
        int ordinal;
        if (applicationProtocolConfig != null && (ordinal = applicationProtocolConfig.a().ordinal()) != 0) {
            if (ordinal != 1 && ordinal != 2 && ordinal != 3) {
                throw new Error();
            }
            int ordinal2 = applicationProtocolConfig.b().ordinal();
            if (ordinal2 != 0 && ordinal2 != 2) {
                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " behavior");
            }
            int ordinal3 = applicationProtocolConfig.c().ordinal();
            if (ordinal3 == 1 || ordinal3 == 2) {
                return new w(applicationProtocolConfig);
            }
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager p(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager r(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void t(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    private static long x(io.netty.buffer.j jVar) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int l1 = jVar.l1();
            if (SSL.writeToBIO(newMemBIO, r.h(jVar) + jVar.m1(), l1) == l1) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.d();
        }
    }

    public abstract e0 A();

    @Override // io.netty.handler.ssl.k0
    public final boolean c() {
        return this.n == 0;
    }

    @Override // io.netty.util.o
    public final boolean d() {
        return this.p.d();
    }

    @Override // io.netty.handler.ssl.k0
    public final SSLEngine i(io.netty.buffer.k kVar, String str, int i) {
        return z(kVar, str, i);
    }

    public io.netty.handler.ssl.a o() {
        return this.m;
    }

    @Override // io.netty.util.o
    public final int q() {
        return this.p.q();
    }

    final void s() {
        synchronized (i0.class) {
            if (this.c != 0) {
                SSLContext.free(this.c);
                this.c = 0L;
            }
            if (this.f != 0) {
                Pool.destroy(this.f);
                this.f = 0L;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract b0 w();

    @Override // io.netty.util.o
    public final io.netty.util.o y(Object obj) {
        this.p.y(obj);
        return this;
    }

    SSLEngine z(io.netty.buffer.k kVar, String str, int i) {
        return new ReferenceCountedOpenSslEngine(this, kVar, str, i, true);
    }
}
