package io.netty.handler.ssl;

import com.comscore.BuildConfig;
import io.netty.handler.ssl.a;
import io.netty.util.a;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;
import p.a2;
import p.be3;
import p.ce3;
import p.dfh;
import p.dgp;
import p.dh2;
import p.e0;
import p.eh2;
import p.f5n;
import p.i8o;
import p.l6k;
import p.mhk;
import p.nhk;
import p.oqg;
import p.qqg;
import p.r7h;
import p.s7h;
import p.t7h;
import p.tsc;
import p.u7h;
import p.usc;
import p.vsj;

/* loaded from: classes4.dex */
public abstract class r extends t implements l6k {
    public static final tsc C;
    public static final boolean D;
    public static final List<String> E;
    public static final Integer F;
    public static final io.netty.util.a<r> G;
    public static final l H;
    public final oqg A;
    public volatile boolean B;
    public volatile long c;
    public long d;
    public final List<String> t;
    public final l u;
    public final int v;
    public final mhk w;
    public final a2 x;
    public final Certificate[] y;
    public final int z;

    /* loaded from: classes4.dex */
    public static class a implements PrivilegedAction<Boolean> {
        @Override // java.security.PrivilegedAction
        public Boolean run() {
            return Boolean.valueOf(i8o.b("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    }

    /* loaded from: classes4.dex */
    public class b extends a2 {
        public b() {
        }

        @Override // p.a2
        public void b() {
            r.this.k();
            mhk mhkVar = r.this.w;
            if (mhkVar != null) {
                ((a.C0232a) mhkVar).a();
            }
        }

        @Override // p.l6k
        public l6k s(Object obj) {
            mhk mhkVar = r.this.w;
            if (mhkVar != null) {
                ((a.C0232a) mhkVar).c(obj, 3);
            }
            return r.this;
        }
    }

    /* loaded from: classes4.dex */
    public static class c implements l {
        @Override // io.netty.handler.ssl.l
        public a.c a() {
            return a.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.l
        public a.EnumC0229a b() {
            return a.EnumC0229a.NONE;
        }

        @Override // p.dn0
        public List<String> c() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.l
        public a.b e() {
            return a.b.ACCEPT;
        }
    }

    /* loaded from: classes4.dex */
    public static class d implements PrivilegedAction<String> {
        @Override // java.security.PrivilegedAction
        public String run() {
            return i8o.a("jdk.tls.ephemeralDHKeySize", null);
        }
    }

    /* loaded from: classes4.dex */
    public static abstract class e implements CertificateVerifier {
        public e(oqg oqgVar) {
        }
    }

    /* loaded from: classes4.dex */
    public static final class f implements oqg {
        public final Map<Long, s> a = dfh.q();

        public f(a aVar) {
        }
    }

    static {
        usc uscVar = usc.a;
        tsc a2 = usc.a(r.class.getName());
        C = a2;
        D = ((Boolean) AccessController.doPrivileged(new a())).booleanValue();
        G = nhk.b.a(r.class, 128, Long.MAX_VALUE);
        H = new c();
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        E = Collections.unmodifiableList(arrayList);
        if (a2.c()) {
            a2.p("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new d());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    C.p("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        F = num;
    }

    /* JADX WARN: Incorrect types in method signature: (Ljava/lang/Iterable<Ljava/lang/String;>;Lp/ce3;Lio/netty/handler/ssl/a;JJI[Ljava/security/cert/Certificate;Ljava/lang/Object;ZZ)V */
    public r(Iterable iterable, ce3 ce3Var, io.netty.handler.ssl.a aVar, long j, long j2, int i, Certificate[] certificateArr, int i2, boolean z, boolean z2) {
        this(iterable, ce3Var, z(aVar), j, j2, i, certificateArr, i2, z, z2);
    }

    /* JADX WARN: Incorrect types in method signature: (Ljava/lang/Iterable<Ljava/lang/String;>;Lp/ce3;Lio/netty/handler/ssl/l;JJI[Ljava/security/cert/Certificate;Ljava/lang/Object;ZZ)V */
    public r(Iterable iterable, ce3 ce3Var, l lVar, long j, long j2, int i, Certificate[] certificateArr, int i2, boolean z, boolean z2) {
        super(z);
        int i3;
        int i4;
        String str;
        this.x = new b();
        ArrayList arrayList = null;
        this.A = new f(null);
        Throwable th = j.b;
        if (th != null) {
            throw ((Error) new UnsatisfiedLinkError("failed to load the required native library").initCause(th));
        }
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.w = z2 ? G.b(this) : null;
        this.v = i;
        if (e()) {
            i3 = i2;
            f5n.K(i3, "clientAuth");
        } else {
            i3 = 1;
        }
        this.z = i3;
        if (i == 1) {
            this.B = D;
        }
        this.y = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator it = iterable.iterator();
            while (it.hasNext() && (str = (String) it.next()) != null) {
                String c2 = be3.c(str);
                if (c2 != null) {
                    str = c2;
                }
                arrayList.add(str);
            }
        }
        Objects.requireNonNull(ce3Var, "cipherFilter");
        List<String> asList = Arrays.asList(ce3Var.a(arrayList, E, j.d));
        this.t = asList;
        Objects.requireNonNull(lVar, "apn");
        this.u = lVar;
        this.d = Pool.create(0L);
        try {
            synchronized (r.class) {
                try {
                    this.c = SSLContext.make(this.d, 31, i);
                    SSLContext.setOptions(this.c, 4095);
                    SSLContext.setOptions(this.c, 16777216);
                    SSLContext.setOptions(this.c, 33554432);
                    SSLContext.setOptions(this.c, 4194304);
                    SSLContext.setOptions(this.c, 524288);
                    SSLContext.setOptions(this.c, 1048576);
                    SSLContext.setOptions(this.c, 65536);
                    SSLContext.setOptions(this.c, 16384);
                    SSLContext.setMode(this.c, SSLContext.getMode(this.c) | 2);
                    Integer num = F;
                    if (num != null) {
                        SSLContext.setTmpDHLength(this.c, num.intValue());
                    }
                    try {
                        SSLContext.setCipherSuite(this.c, be3.b(asList));
                        List<String> c3 = lVar.c();
                        if (!c3.isEmpty()) {
                            String[] strArr = (String[]) c3.toArray(new String[c3.size()]);
                            int ordinal = lVar.a().ordinal();
                            if (ordinal == 1) {
                                i4 = 0;
                            } else {
                                if (ordinal != 2) {
                                    throw new Error();
                                }
                                i4 = 1;
                            }
                            int ordinal2 = lVar.b().ordinal();
                            if (ordinal2 == 1) {
                                SSLContext.setNpnProtos(this.c, strArr, i4);
                            } else if (ordinal2 == 2) {
                                SSLContext.setAlpnProtos(this.c, strArr, i4);
                            } else {
                                if (ordinal2 != 3) {
                                    throw new Error();
                                }
                                SSLContext.setNpnProtos(this.c, strArr, i4);
                                SSLContext.setAlpnProtos(this.c, strArr, i4);
                            }
                        }
                        if (j > 0) {
                            SSLContext.setSessionCacheSize(this.c, j);
                        } else {
                            SSLContext.setSessionCacheSize(this.c, SSLContext.setSessionCacheSize(this.c, 20480L));
                        }
                        if (j2 > 0) {
                            SSLContext.setSessionCacheTimeout(this.c, j2);
                        } else {
                            SSLContext.setSessionCacheTimeout(this.c, SSLContext.setSessionCacheTimeout(this.c, 300L));
                        }
                    } catch (SSLException e2) {
                        throw e2;
                    } catch (Exception e3) {
                        throw new SSLException("failed to set cipher suite: " + this.t, e3);
                    }
                } catch (Exception e4) {
                    throw new SSLException("failed to create an SSL_CTX", e4);
                }
            }
        } catch (Throwable th2) {
            a();
            throw th2;
        }
    }

    public static X509TrustManager i(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager j(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static void o(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    public static long t(dh2 dh2Var) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int H0 = dh2Var.H0();
            if (SSL.writeToBIO(newMemBIO, j.c(dh2Var) + dh2Var.I0(), H0) == H0) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            dh2Var.a();
        }
    }

    public static void w(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) {
        long j2;
        long j3;
        long j4 = 0;
        r7h r7hVar = null;
        try {
            try {
                eh2 eh2Var = eh2.a;
                r7hVar = u7h.c(eh2Var, true, x509CertificateArr);
                j3 = y(eh2Var, r7hVar.h());
                try {
                    long y = y(eh2Var, r7hVar.h());
                    if (privateKey != null) {
                        try {
                            j4 = x(privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j2 = y;
                            o(j4);
                            o(j3);
                            o(j2);
                            if (r7hVar != null) {
                                r7hVar.a();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, j3, j4, str == null ? BuildConfig.VERSION_NAME : str);
                        SSLContext.setCertificateChainBio(j, y, true);
                        o(j4);
                        o(j3);
                        o(y);
                        r7hVar.a();
                    } catch (SSLException e4) {
                    } catch (Exception e5) {
                        e = e5;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e6) {
                } catch (Exception e7) {
                    e = e7;
                } catch (Throwable th2) {
                    th = th2;
                    j2 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e8) {
            throw e8;
        } catch (Exception e9) {
            e = e9;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    public static long x(PrivateKey privateKey) {
        r7h r7hVar;
        eh2 eh2Var = eh2.a;
        byte[] bArr = s7h.c;
        if (privateKey instanceof r7h) {
            r7hVar = ((r7h) privateKey).h();
        } else {
            dh2 a2 = dgp.a(privateKey.getEncoded());
            try {
                dh2 d2 = vsj.d(eh2Var, a2);
                try {
                    byte[] bArr2 = s7h.c;
                    int length = bArr2.length + d2.H0();
                    byte[] bArr3 = s7h.d;
                    dh2 e2 = ((e0) eh2Var).e(length + bArr3.length);
                    try {
                        e2.C1(bArr2);
                        e2.y1(d2);
                        e2.C1(bArr3);
                        t7h t7hVar = new t7h(e2, true);
                        vsj.e(a2);
                        a2.a();
                        r7hVar = t7hVar;
                    } catch (Throwable th) {
                        vsj.e(e2);
                        e2.a();
                        throw th;
                    }
                } finally {
                    vsj.e(d2);
                    d2.a();
                }
            } catch (Throwable th2) {
                vsj.e(a2);
                a2.a();
                throw th2;
            }
        }
        try {
            return y(eh2Var, r7hVar.h());
        } finally {
            r7hVar.a();
        }
    }

    public static long y(eh2 eh2Var, r7h r7hVar) {
        try {
            dh2 content = r7hVar.content();
            if (content.h0()) {
                return t(content.O0());
            }
            dh2 e2 = ((e0) eh2Var).e(content.H0());
            try {
                e2.A1(content, content.I0(), content.H0());
                long t = t(e2.O0());
                try {
                    if (r7hVar.q()) {
                        vsj.e(e2);
                    }
                    return t;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (r7hVar.q()) {
                        vsj.e(e2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            r7hVar.a();
        }
    }

    public static l z(io.netty.handler.ssl.a aVar) {
        int ordinal;
        if (aVar != null && (ordinal = aVar.b.ordinal()) != 0) {
            if (ordinal != 1 && ordinal != 2 && ordinal != 3) {
                throw new Error();
            }
            int ordinal2 = aVar.d.ordinal();
            if (ordinal2 != 0 && ordinal2 != 2) {
                throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.d + " behavior");
            }
            int ordinal3 = aVar.c.ordinal();
            if (ordinal3 == 1 || ordinal3 == 2) {
                return new m(aVar);
            }
            throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.c + " behavior");
        }
        return H;
    }

    @Override // p.l6k
    public final boolean a() {
        return this.x.a();
    }

    @Override // io.netty.handler.ssl.t
    public final boolean d() {
        return this.v == 0;
    }

    @Override // io.netty.handler.ssl.t
    public final SSLEngine f(eh2 eh2Var, String str, int i) {
        return u(eh2Var, str, i);
    }

    public final void k() {
        synchronized (r.class) {
            if (this.c != 0) {
                SSLContext.free(this.c);
                this.c = 0L;
            }
            long j = this.d;
            if (j != 0) {
                Pool.destroy(j);
                this.d = 0L;
            }
        }
    }

    @Override // p.l6k
    public final int n() {
        return this.x.a;
    }

    public abstract o r();

    @Override // p.l6k
    public final l6k s(Object obj) {
        this.x.s(obj);
        return this;
    }

    public SSLEngine u(eh2 eh2Var, String str, int i) {
        return new s(this, eh2Var, str, i, true);
    }

    public abstract qqg v();
}
