package l90;

import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import l90.a;

/* loaded from: classes3.dex */
public abstract class d1 extends j1 implements n90.s {
    private static final Integer DH_KEY_LENGTH;
    private final c0 apn;
    private volatile int bioNonApplicationBufferSize;
    public final f clientAuth;
    public long ctx;
    public final ReadWriteLock ctxLock;
    public final boolean enableOcsp;
    public final j0 engineMap;
    public final Certificate[] keyCertChain;
    private final n90.w<d1> leak;
    private final int mode;
    public final String[] protocols;
    private final n90.b refCnt;
    private final long sessionCacheSize;
    private final long sessionTimeout;
    private final List<String> unmodifiableCiphers;
    private static final q90.c logger = q90.d.getInstance((Class<?>) d1.class);
    private static final int DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE = Math.max(1, p90.z.getInt("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));
    public static final boolean USE_TASKS = p90.z.getBoolean("io.netty.handler.ssl.openssl.useTasks", false);
    private static final n90.t<d1> leakDetector = n90.u.instance().newResourceLeakDetector(d1.class);
    public static final c0 NONE_PROTOCOL_NEGOTIATOR = new b();

    /* loaded from: classes3.dex */
    public class a extends n90.b {
        public a() {
        }

        @Override // n90.b
        public void deallocate() {
            d1.this.destroy();
            if (d1.this.leak != null) {
                d1.this.leak.close(d1.this);
            }
        }

        @Override // n90.s
        public n90.s touch(Object obj) {
            if (d1.this.leak != null) {
                d1.this.leak.record(obj);
            }
            return d1.this;
        }
    }

    /* loaded from: classes3.dex */
    public static class b implements c0 {
        @Override // l90.c0
        public a.EnumC0476a protocol() {
            return a.EnumC0476a.NONE;
        }

        @Override // l90.b
        public List<String> protocols() {
            return Collections.emptyList();
        }

        @Override // l90.c0
        public a.b selectedListenerFailureBehavior() {
            return a.b.ACCEPT;
        }

        @Override // l90.c0
        public a.c selectorFailureBehavior() {
            return a.c.CHOOSE_MY_LAST_PROTOCOL;
        }
    }

    /* loaded from: classes3.dex */
    public static /* synthetic */ class c {
        public static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol;
        public static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior;
        public static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior;

        static {
            int[] iArr = new int[a.b.values().length];
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior = iArr;
            try {
                iArr[a.b.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior[a.b.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[a.c.values().length];
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior = iArr2;
            try {
                iArr2[a.c.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[a.c.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[a.EnumC0476a.values().length];
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol = iArr3;
            try {
                iArr3[a.EnumC0476a.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[a.EnumC0476a.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[a.EnumC0476a.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[a.EnumC0476a.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes3.dex */
    public static abstract class d extends CertificateVerifier {
        private final j0 engineMap;

        public d(j0 j0Var) {
            this.engineMap = j0Var;
        }
    }

    /* loaded from: classes3.dex */
    public static final class e implements j0 {
        private final Map<Long, e1> engines;

        private e() {
            this.engines = p90.p.newConcurrentHashMap();
        }

        public /* synthetic */ e(a aVar) {
            this();
        }

        public void add(e1 e1Var) {
            this.engines.put(Long.valueOf(e1Var.sslPointer()), e1Var);
        }

        public e1 remove(long j11) {
            return this.engines.remove(Long.valueOf(j11));
        }
    }

    static {
        Integer num = null;
        try {
            String str = p90.z.get("jdk.tls.ephemeralDHKeySize");
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    logger.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        DH_KEY_LENGTH = num;
    }

    public d1(Iterable<String> iterable, l90.e eVar, l90.a aVar, long j11, long j12, int i3, Certificate[] certificateArr, f fVar, String[] strArr, boolean z11, boolean z12, boolean z13) throws SSLException {
        this(iterable, eVar, toNegotiator(aVar), j11, j12, i3, certificateArr, fVar, strArr, z11, z12, z13);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public d1(Iterable<String> iterable, l90.e eVar, c0 c0Var, long j11, long j12, int i3, Certificate[] certificateArr, f fVar, String[] strArr, boolean z11, boolean z12, boolean z13) throws SSLException {
        super(z11);
        this.refCnt = new a();
        this.engineMap = new e(0 == true ? 1 : 0);
        this.ctxLock = new ReentrantReadWriteLock();
        this.bioNonApplicationBufferSize = DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE;
        b0.ensureAvailability();
        if (z12 && !b0.isOcspSupported()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i3 != 1 && i3 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.leak = z13 ? leakDetector.track(this) : null;
        this.mode = i3;
        this.clientAuth = isServer() ? (f) p90.n.checkNotNull(fVar, "clientAuth") : f.NONE;
        this.protocols = strArr;
        this.enableOcsp = z12;
        this.keyCertChain = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        List<String> asList = Arrays.asList(((l90.e) p90.n.checkNotNull(eVar, "cipherFilter")).filterCipherSuites(iterable, b0.DEFAULT_CIPHERS, b0.availableJavaCipherSuites()));
        this.unmodifiableCiphers = asList;
        this.apn = (c0) p90.n.checkNotNull(c0Var, "apn");
        try {
            try {
                this.ctx = SSLContext.make(b0.isTlsv13Supported() ? 62 : 30, i3);
                boolean isTlsv13Supported = b0.isTlsv13Supported();
                StringBuilder sb2 = new StringBuilder();
                StringBuilder sb3 = new StringBuilder();
                try {
                    try {
                        if (asList.isEmpty()) {
                            SSLContext.setCipherSuite(this.ctx, "", false);
                            if (isTlsv13Supported) {
                                SSLContext.setCipherSuite(this.ctx, "", true);
                            }
                        } else {
                            l90.d.convertToCipherStrings(asList, sb2, sb3, b0.isBoringSSL());
                            SSLContext.setCipherSuite(this.ctx, sb2.toString(), false);
                            if (isTlsv13Supported) {
                                SSLContext.setCipherSuite(this.ctx, sb3.toString(), true);
                            }
                        }
                        int options = SSLContext.getOptions(this.ctx) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1_3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET;
                        SSLContext.setOptions(this.ctx, sb2.length() == 0 ? options | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 | SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2 : options);
                        long j13 = this.ctx;
                        SSLContext.setMode(j13, SSLContext.getMode(j13) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                        Integer num = DH_KEY_LENGTH;
                        if (num != null) {
                            SSLContext.setTmpDHLength(this.ctx, num.intValue());
                        }
                        List<String> protocols = c0Var.protocols();
                        if (!protocols.isEmpty()) {
                            String[] strArr2 = (String[]) protocols.toArray(new String[0]);
                            int opensslSelectorFailureBehavior = opensslSelectorFailureBehavior(c0Var.selectorFailureBehavior());
                            int i4 = c.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[c0Var.protocol().ordinal()];
                            if (i4 == 1) {
                                SSLContext.setNpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                            } else if (i4 == 2) {
                                SSLContext.setAlpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                            } else {
                                if (i4 != 3) {
                                    throw new Error();
                                }
                                SSLContext.setNpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                                SSLContext.setAlpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                            }
                        }
                        long sessionCacheSize = j11 <= 0 ? SSLContext.setSessionCacheSize(this.ctx, 20480L) : j11;
                        this.sessionCacheSize = sessionCacheSize;
                        SSLContext.setSessionCacheSize(this.ctx, sessionCacheSize);
                        long sessionCacheTimeout = j12 <= 0 ? SSLContext.setSessionCacheTimeout(this.ctx, 300L) : j12;
                        this.sessionTimeout = sessionCacheTimeout;
                        SSLContext.setSessionCacheTimeout(this.ctx, sessionCacheTimeout);
                        if (z12) {
                            SSLContext.enableOcsp(this.ctx, isClient());
                        }
                        SSLContext.setUseTasks(this.ctx, USE_TASKS);
                    } catch (Exception e11) {
                        throw new SSLException("failed to set cipher suite: " + this.unmodifiableCiphers, e11);
                    }
                } catch (SSLException e12) {
                    throw e12;
                }
            } catch (Exception e13) {
                throw new SSLException("failed to create an SSL_CTX", e13);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    public static X509TrustManager chooseTrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return p90.p.javaVersion() >= 7 ? x0.wrapIfNeeded((X509TrustManager) trustManager) : (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager chooseX509KeyManager(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void destroy() {
        Lock writeLock = this.ctxLock.writeLock();
        writeLock.lock();
        try {
            long j11 = this.ctx;
            if (j11 != 0) {
                if (this.enableOcsp) {
                    SSLContext.disableOcsp(j11);
                }
                SSLContext.free(this.ctx);
                this.ctx = 0L;
                s0 sessionContext = sessionContext();
                if (sessionContext != null) {
                    sessionContext.destroy();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    public static void freeBio(long j11) {
        if (j11 != 0) {
            SSL.freeBIO(j11);
        }
    }

    private static long newBIO(e90.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int readableBytes = jVar.readableBytes();
            if (SSL.bioWrite(newMemBIO, b0.memoryAddress(jVar) + jVar.readerIndex(), readableBytes) == readableBytes) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    private static int opensslSelectorFailureBehavior(a.c cVar) {
        int i3 = c.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[cVar.ordinal()];
        if (i3 == 1) {
            return 0;
        }
        if (i3 == 2) {
            return 1;
        }
        throw new Error();
    }

    public static n0 providerFor(KeyManagerFactory keyManagerFactory, String str) {
        return keyManagerFactory instanceof w0 ? ((w0) keyManagerFactory).newProvider() : keyManagerFactory instanceof e0 ? ((e0) keyManagerFactory).newProvider(str) : new n0(chooseX509KeyManager(keyManagerFactory.getKeyManagers()), str);
    }

    /* JADX WARN: Removed duplicated region for block: B:31:0x0097  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void setKeyMaterial(long r16, java.security.cert.X509Certificate[] r18, java.security.PrivateKey r19, java.lang.String r20) throws javax.net.ssl.SSLException {
        /*
            r0 = r19
            r1 = 0
            r3 = 0
            e90.k r4 = e90.k.DEFAULT     // Catch: java.lang.Throwable -> L78 java.lang.Exception -> L7c javax.net.ssl.SSLException -> L87
            r5 = 1
            r6 = r18
            l90.y0 r3 = l90.b1.toPEM(r4, r5, r6)     // Catch: java.lang.Throwable -> L78 java.lang.Exception -> L7c javax.net.ssl.SSLException -> L87
            l90.y0 r6 = r3.retain()     // Catch: java.lang.Throwable -> L6c java.lang.Exception -> L70 javax.net.ssl.SSLException -> L74
            long r14 = toBIO(r4, r6)     // Catch: java.lang.Throwable -> L6c java.lang.Exception -> L70 javax.net.ssl.SSLException -> L74
            l90.y0 r6 = r3.retain()     // Catch: java.lang.Throwable -> L5d java.lang.Exception -> L62 javax.net.ssl.SSLException -> L67
            long r11 = toBIO(r4, r6)     // Catch: java.lang.Throwable -> L5d java.lang.Exception -> L62 javax.net.ssl.SSLException -> L67
            if (r0 == 0) goto L24
            long r1 = toBIO(r4, r0)     // Catch: java.lang.Exception -> L2a javax.net.ssl.SSLException -> L2d java.lang.Throwable -> L8b
        L24:
            if (r20 != 0) goto L30
            java.lang.String r0 = ""
            r13 = r0
            goto L32
        L2a:
            r0 = move-exception
            goto L7f
        L2d:
            r0 = move-exception
            goto L8a
        L30:
            r13 = r20
        L32:
            r7 = r16
            r9 = r14
            r18 = r3
            r3 = r11
            r11 = r1
            io.netty.internal.tcnative.SSLContext.setCertificateBio(r7, r9, r11, r13)     // Catch: java.lang.Throwable -> L4e java.lang.Exception -> L53 javax.net.ssl.SSLException -> L58
            r6 = r16
            io.netty.internal.tcnative.SSLContext.setCertificateChainBio(r6, r3, r5)     // Catch: java.lang.Throwable -> L4e java.lang.Exception -> L53 javax.net.ssl.SSLException -> L58
            freeBio(r1)
            freeBio(r14)
            freeBio(r3)
            r18.release()
            return
        L4e:
            r0 = move-exception
            r11 = r3
            r3 = r18
            goto L8c
        L53:
            r0 = move-exception
            r11 = r3
            r3 = r18
            goto L7f
        L58:
            r0 = move-exception
            r11 = r3
            r3 = r18
            goto L8a
        L5d:
            r0 = move-exception
            r18 = r3
            r11 = r1
            goto L8c
        L62:
            r0 = move-exception
            r18 = r3
            r11 = r1
            goto L7f
        L67:
            r0 = move-exception
            r18 = r3
            r11 = r1
            goto L8a
        L6c:
            r0 = move-exception
            r18 = r3
            goto L79
        L70:
            r0 = move-exception
            r18 = r3
            goto L7d
        L74:
            r0 = move-exception
            r18 = r3
            goto L88
        L78:
            r0 = move-exception
        L79:
            r11 = r1
            r14 = r11
            goto L8c
        L7c:
            r0 = move-exception
        L7d:
            r11 = r1
            r14 = r11
        L7f:
            javax.net.ssl.SSLException r4 = new javax.net.ssl.SSLException     // Catch: java.lang.Throwable -> L8b
            java.lang.String r5 = "failed to set certificate and key"
            r4.<init>(r5, r0)     // Catch: java.lang.Throwable -> L8b
            throw r4     // Catch: java.lang.Throwable -> L8b
        L87:
            r0 = move-exception
        L88:
            r11 = r1
            r14 = r11
        L8a:
            throw r0     // Catch: java.lang.Throwable -> L8b
        L8b:
            r0 = move-exception
        L8c:
            freeBio(r1)
            freeBio(r14)
            freeBio(r11)
            if (r3 == 0) goto L9a
            r3.release()
        L9a:
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: l90.d1.setKeyMaterial(long, java.security.cert.X509Certificate[], java.security.PrivateKey, java.lang.String):void");
    }

    public static long toBIO(e90.k kVar, PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        y0 pem = z0.toPEM(kVar, true, privateKey);
        try {
            return toBIO(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    public static long toBIO(e90.k kVar, y0 y0Var) throws Exception {
        try {
            e90.j content = y0Var.content();
            if (content.isDirect()) {
                return newBIO(content.retainedSlice());
            }
            e90.j directBuffer = kVar.directBuffer(content.readableBytes());
            try {
                directBuffer.writeBytes(content, content.readerIndex(), content.readableBytes());
                long newBIO = newBIO(directBuffer.retainedSlice());
                try {
                    if (y0Var.isSensitive()) {
                        q1.zeroout(directBuffer);
                    }
                    return newBIO;
                } finally {
                }
            } catch (Throwable th2) {
                try {
                    if (y0Var.isSensitive()) {
                        q1.zeroout(directBuffer);
                    }
                    throw th2;
                } finally {
                }
            }
        } finally {
            y0Var.release();
        }
    }

    public static long toBIO(e90.k kVar, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        y0 pem = b1.toPEM(kVar, true, x509CertificateArr);
        try {
            return toBIO(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    public static c0 toNegotiator(l90.a aVar) {
        if (aVar == null) {
            return NONE_PROTOCOL_NEGOTIATOR;
        }
        int i3 = c.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[aVar.protocol().ordinal()];
        if (i3 != 1 && i3 != 2 && i3 != 3) {
            if (i3 == 4) {
                return NONE_PROTOCOL_NEGOTIATOR;
            }
            throw new Error();
        }
        int i4 = c.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior[aVar.selectedListenerFailureBehavior().ordinal()];
        if (i4 != 1 && i4 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.selectedListenerFailureBehavior() + " behavior");
        }
        int i11 = c.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[aVar.selectorFailureBehavior().ordinal()];
        if (i11 == 1 || i11 == 2) {
            return new h0(aVar);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.selectorFailureBehavior() + " behavior");
    }

    public static boolean useExtendedTrustManager(X509TrustManager x509TrustManager) {
        return p90.p.javaVersion() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    public l90.b applicationProtocolNegotiator() {
        return this.apn;
    }

    public int getBioNonApplicationBufferSize() {
        return this.bioNonApplicationBufferSize;
    }

    @Override // l90.j1
    public final boolean isClient() {
        return this.mode == 0;
    }

    @Override // l90.j1
    public final SSLEngine newEngine(e90.k kVar, String str, int i3) {
        return newEngine0(kVar, str, i3, true);
    }

    public SSLEngine newEngine0(e90.k kVar, String str, int i3, boolean z11) {
        return new e1(this, kVar, str, i3, z11, true);
    }

    @Override // l90.j1
    public final m1 newHandler(e90.k kVar, String str, int i3, boolean z11) {
        return new m1(newEngine0(kVar, str, i3, false), z11);
    }

    @Override // n90.s
    public final int refCnt() {
        return this.refCnt.refCnt();
    }

    @Override // n90.s
    public final boolean release() {
        return this.refCnt.release();
    }

    @Override // n90.s
    public final n90.s retain() {
        this.refCnt.retain();
        return this;
    }

    public abstract s0 sessionContext();

    @Override // n90.s
    public final n90.s touch(Object obj) {
        this.refCnt.touch(obj);
        return this;
    }
}
