package io.grpc.netty.shaded.io.netty.handler.ssl;

import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSL;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import io.grpc.netty.shaded.io.netty.util.ResourceLeakDetector;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes5.dex */
public abstract class p0 extends u0 implements io.grpc.netty.shaded.io.netty.util.s {
    private static final Integer s;

    /* renamed from: b, reason: collision with root package name */
    protected long f18461b;

    /* renamed from: c, reason: collision with root package name */
    private final List<String> f18462c;

    /* renamed from: d, reason: collision with root package name */
    private final y f18463d;
    private final int e;
    private final io.grpc.netty.shaded.io.netty.util.w<p0> f;
    private final io.grpc.netty.shaded.io.netty.util.b g;
    final Certificate[] h;
    final ClientAuth i;
    final String[] j;
    final boolean k;
    final d0 l;
    final ReadWriteLock m;
    private volatile boolean n;
    private volatile int o;
    private static final io.grpc.netty.shaded.io.netty.util.internal.logging.b p = io.grpc.netty.shaded.io.netty.util.internal.logging.c.a((Class<?>) p0.class);
    private static final boolean q = ((Boolean) AccessController.doPrivileged(new a())).booleanValue();
    private static final int r = ((Integer) AccessController.doPrivileged(new b())).intValue();
    private static final ResourceLeakDetector<p0> t = io.grpc.netty.shaded.io.netty.util.u.b().a(p0.class);
    static final y u = new d();

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    static class a implements PrivilegedAction<Boolean> {
        a() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public Boolean run() {
            return Boolean.valueOf(io.grpc.netty.shaded.io.netty.util.internal.y.a("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    static class b implements PrivilegedAction<Integer> {
        b() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public Integer run() {
            return Integer.valueOf(Math.max(1, io.grpc.netty.shaded.io.netty.util.internal.y.a("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048)));
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    class c extends io.grpc.netty.shaded.io.netty.util.b {
        c() {
        }

        @Override // io.grpc.netty.shaded.io.netty.util.b
        protected void deallocate() {
            p0.this.m();
            if (p0.this.f != null) {
                p0.this.f.close(p0.this);
            }
        }

        @Override // io.grpc.netty.shaded.io.netty.util.s
        public io.grpc.netty.shaded.io.netty.util.s touch(Object obj) {
            if (p0.this.f != null) {
                p0.this.f.a(obj);
            }
            return p0.this;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    static class d implements y {
        d() {
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.b
        public List<String> a() {
            return Collections.emptyList();
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.y
        public ApplicationProtocolConfig.Protocol b() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.y
        public ApplicationProtocolConfig.SelectorFailureBehavior c() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.y
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior e() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    static class e implements PrivilegedAction<String> {
        e() {
        }

        @Override // java.security.PrivilegedAction
        public String run() {
            return io.grpc.netty.shaded.io.netty.util.internal.y.b("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class f {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f18465a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f18466b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f18467c = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];

        static {
            try {
                f18467c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f18467c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            f18466b = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            try {
                f18466b[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f18466b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            f18465a = new int[ApplicationProtocolConfig.Protocol.values().length];
            try {
                f18465a[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f18465a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f18465a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f18465a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    public static abstract class g extends io.grpc.netty.shaded.io.netty.internal.tcnative.b {
        /* JADX INFO: Access modifiers changed from: package-private */
        public g(d0 d0Var) {
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    private static final class h implements d0 {

        /* renamed from: a, reason: collision with root package name */
        private final Map<Long, q0> f18468a;

        private h() {
            this.f18468a = io.grpc.netty.shaded.io.netty.util.internal.q.u();
        }

        /* synthetic */ h(a aVar) {
            this();
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.d0
        public q0 a(long j) {
            return this.f18468a.remove(Long.valueOf(j));
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.d0
        public void a(q0 q0Var) {
            this.f18468a.put(Long.valueOf(q0Var.f()), q0Var);
        }
    }

    static {
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new e());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    p.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        s = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public p0(Iterable<String> iterable, io.grpc.netty.shaded.io.netty.handler.ssl.e eVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        this(iterable, eVar, a(applicationProtocolConfig), j, j2, i, certificateArr, clientAuth, strArr, z, z2, z3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public p0(Iterable<String> iterable, io.grpc.netty.shaded.io.netty.handler.ssl.e eVar, y yVar, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        super(z);
        ClientAuth clientAuth2;
        this.g = new c();
        this.l = new h(0 == true ? 1 : 0);
        this.m = new ReentrantReadWriteLock();
        this.o = r;
        x.c();
        if (z2 && !x.g()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f = z3 ? t.a((ResourceLeakDetector<p0>) this) : null;
        this.e = i;
        if (b()) {
            io.grpc.netty.shaded.io.netty.util.internal.p.a(clientAuth, "clientAuth");
            clientAuth2 = clientAuth;
        } else {
            clientAuth2 = ClientAuth.NONE;
        }
        this.i = clientAuth2;
        this.j = strArr;
        this.k = z2;
        if (i == 1) {
            this.n = q;
        }
        this.h = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        io.grpc.netty.shaded.io.netty.util.internal.p.a(eVar, "cipherFilter");
        this.f18462c = Arrays.asList(eVar.a(iterable, x.f18508c, x.a()));
        io.grpc.netty.shaded.io.netty.util.internal.p.a(yVar, "apn");
        this.f18463d = yVar;
        try {
            try {
                this.f18461b = SSLContext.make(31, i);
                SSLContext.setOptions(this.f18461b, SSLContext.getOptions(this.f18461b) | SSL.f18539b | SSL.f18540c | SSL.f18538a | SSL.h | SSL.g);
                SSLContext.setMode(this.f18461b, SSLContext.getMode(this.f18461b) | SSL.k);
                if (s != null) {
                    SSLContext.setTmpDHLength(this.f18461b, s.intValue());
                }
                try {
                    SSLContext.setCipherSuite(this.f18461b, io.grpc.netty.shaded.io.netty.handler.ssl.d.a(this.f18462c));
                    List<String> a2 = yVar.a();
                    if (!a2.isEmpty()) {
                        String[] strArr2 = (String[]) a2.toArray(new String[a2.size()]);
                        int a3 = a(yVar.c());
                        int i2 = f.f18465a[yVar.b().ordinal()];
                        if (i2 == 1) {
                            SSLContext.setNpnProtos(this.f18461b, strArr2, a3);
                        } else if (i2 == 2) {
                            SSLContext.setAlpnProtos(this.f18461b, strArr2, a3);
                        } else {
                            if (i2 != 3) {
                                throw new Error();
                            }
                            SSLContext.setNpnProtos(this.f18461b, strArr2, a3);
                            SSLContext.setAlpnProtos(this.f18461b, strArr2, a3);
                        }
                    }
                    if (j > 0) {
                        SSLContext.setSessionCacheSize(this.f18461b, j);
                    } else {
                        SSLContext.setSessionCacheSize(this.f18461b, SSLContext.setSessionCacheSize(this.f18461b, 20480L));
                    }
                    if (j2 > 0) {
                        SSLContext.setSessionCacheTimeout(this.f18461b, j2);
                    } else {
                        SSLContext.setSessionCacheTimeout(this.f18461b, SSLContext.setSessionCacheTimeout(this.f18461b, 300L));
                    }
                    if (z2) {
                        SSLContext.enableOcsp(this.f18461b, a());
                    }
                } catch (SSLException e2) {
                    throw e2;
                } catch (Exception e3) {
                    throw new SSLException("failed to set cipher suite: " + this.f18462c, e3);
                }
            } catch (Exception e4) {
                throw new SSLException("failed to create an SSL_CTX", e4);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    private static int a(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        int i = f.f18466b[selectorFailureBehavior.ordinal()];
        if (i == 1) {
            return 0;
        }
        if (i == 2) {
            return 1;
        }
        throw new Error();
    }

    private static long a(io.grpc.u0.a.a.a.b.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int U = jVar.U();
            if (SSL.bioWrite(newMemBIO, x.a(jVar) + jVar.V(), U) == U) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(io.grpc.u0.a.a.a.b.k kVar, m0 m0Var) throws Exception {
        try {
            io.grpc.u0.a.a.a.b.j content = m0Var.content();
            if (content.C()) {
                return a(content.W());
            }
            io.grpc.u0.a.a.a.b.j c2 = kVar.c(content.U());
            try {
                c2.a(content, content.V(), content.U());
                long a2 = a(c2.W());
                try {
                    if (m0Var.isSensitive()) {
                        z0.a(c2);
                    }
                    return a2;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (m0Var.isSensitive()) {
                        z0.a(c2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            m0Var.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        io.grpc.u0.a.a.a.b.k kVar = io.grpc.u0.a.a.a.b.k.f19019a;
        m0 pem = PemPrivateKey.toPEM(kVar, true, privateKey);
        try {
            return a(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        io.grpc.u0.a.a.a.b.k kVar = io.grpc.u0.a.a.a.b.k.f19019a;
        m0 pem = PemX509Certificate.toPEM(kVar, true, x509CertificateArr);
        try {
            return a(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static y a(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return u;
        }
        int i = f.f18465a[applicationProtocolConfig.a().ordinal()];
        if (i != 1 && i != 2 && i != 3) {
            if (i == 4) {
                return u;
            }
            throw new Error();
        }
        int i2 = f.f18467c[applicationProtocolConfig.b().ordinal()];
        if (i2 != 1 && i2 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " behavior");
        }
        int i3 = f.f18466b[applicationProtocolConfig.c().ordinal()];
        if (i3 == 1 || i3 == 2) {
            return new b0(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j2;
        long j3;
        long j4 = 0;
        m0 m0Var = null;
        try {
            try {
                m0Var = PemX509Certificate.toPEM(io.grpc.u0.a.a.a.b.k.f19019a, true, x509CertificateArr);
                j3 = a(io.grpc.u0.a.a.a.b.k.f19019a, m0Var.retain());
                try {
                    long a2 = a(io.grpc.u0.a.a.a.b.k.f19019a, m0Var.retain());
                    if (privateKey != null) {
                        try {
                            j4 = a(privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j2 = a2;
                            a(j4);
                            a(j3);
                            a(j2);
                            if (m0Var != null) {
                                m0Var.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, j3, j4, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j, a2, true);
                        a(j4);
                        a(j3);
                        a(a2);
                        if (m0Var != null) {
                            m0Var.release();
                        }
                    } catch (SSLException e4) {
                    } catch (Exception e5) {
                        e = e5;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e6) {
                } catch (Exception e7) {
                    e = e7;
                } catch (Throwable th2) {
                    th = th2;
                    j2 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e8) {
            throw e8;
        } catch (Exception e9) {
            e = e9;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509KeyManager x509KeyManager) {
        return io.grpc.netty.shaded.io.netty.util.internal.q.q() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return io.grpc.netty.shaded.io.netty.util.internal.q.q() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void m() {
        Lock writeLock = this.m.writeLock();
        writeLock.lock();
        try {
            if (this.f18461b != 0) {
                if (this.k) {
                    SSLContext.disableOcsp(this.f18461b);
                }
                SSLContext.free(this.f18461b);
                this.f18461b = 0L;
            }
        } finally {
            writeLock.unlock();
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.u0
    public final SSLEngine a(io.grpc.u0.a.a.a.b.k kVar, String str, int i) {
        return a(kVar, str, i, true);
    }

    SSLEngine a(io.grpc.u0.a.a.a.b.k kVar, String str, int i, boolean z) {
        return new q0(this, kVar, str, i, z, true);
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.u0
    public final boolean a() {
        return this.e == 0;
    }

    public io.grpc.netty.shaded.io.netty.handler.ssl.b d() {
        return this.f18463d;
    }

    public int f() {
        return this.o;
    }

    public boolean g() {
        return this.n;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract g0 h();

    public abstract j0 i();

    @Override // io.grpc.netty.shaded.io.netty.util.s
    public final int refCnt() {
        return this.g.refCnt();
    }

    @Override // io.grpc.netty.shaded.io.netty.util.s
    public final boolean release() {
        return this.g.release();
    }

    @Override // io.grpc.netty.shaded.io.netty.util.s
    public final boolean release(int i) {
        return this.g.release(i);
    }

    @Override // io.grpc.netty.shaded.io.netty.util.s
    public final io.grpc.netty.shaded.io.netty.util.s retain() {
        this.g.retain();
        return this;
    }

    @Override // io.grpc.netty.shaded.io.netty.util.s
    public final io.grpc.netty.shaded.io.netty.util.s retain(int i) {
        this.g.retain(i);
        return this;
    }

    @Override // io.grpc.netty.shaded.io.netty.util.s
    public final io.grpc.netty.shaded.io.netty.util.s touch() {
        this.g.touch();
        return this;
    }

    @Override // io.grpc.netty.shaded.io.netty.util.s
    public final io.grpc.netty.shaded.io.netty.util.s touch(Object obj) {
        this.g.touch(obj);
        return this;
    }
}
