package defpackage;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.PemPrivateKey;
import io.netty.handler.ssl.PemX509Certificate;
import io.netty.handler.ssl.ReferenceCountedOpenSslEngine;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.internal.PlatformDependent;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: classes4.dex */
public abstract class wqq extends wqs implements wrx {
    private static final List<String> k;
    private static final Integer l;
    public volatile long a;
    public final wpz b;
    public final Certificate[] c;
    public final ClientAuth d;
    public final wqe e;
    public volatile boolean f;
    private long n;
    private final List<String> o;
    private final int p;
    private final wry q;
    private final wrk r;
    private static final wul i = wum.a((Class<?>) wqq.class);
    private static final boolean j = ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: wqq.1
        @Override // java.security.PrivilegedAction
        public final /* synthetic */ Boolean run() {
            return Boolean.valueOf(wud.a("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    })).booleanValue();
    private static final ResourceLeakDetector<wqq> m = wrz.a().a(wqq.class);
    private static wpz s = new wpz() { // from class: wqq.3
        @Override // defpackage.wph
        public final List<String> a() {
            return Collections.emptyList();
        }

        @Override // defpackage.wpz
        public final ApplicationProtocolConfig.Protocol b() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }

        @Override // defpackage.wpz
        public final ApplicationProtocolConfig.SelectorFailureBehavior c() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // defpackage.wpz
        public final ApplicationProtocolConfig.SelectedListenerFailureBehavior d() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: wqq$5, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass5 {
        static final /* synthetic */ int[] a;
        static final /* synthetic */ int[] b;
        static final /* synthetic */ int[] c = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];

        static {
            try {
                c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            b = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            try {
                b[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            a = new int[ApplicationProtocolConfig.Protocol.values().length];
            try {
                a[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public static abstract class a implements CertificateVerifier {
        /* JADX INFO: Access modifiers changed from: package-private */
        public a(wqe wqeVar) {
        }
    }

    /* loaded from: classes4.dex */
    static final class b implements wqe {
        private final Map<Long, ReferenceCountedOpenSslEngine> a;

        private b() {
            this.a = PlatformDependent.j();
        }

        /* synthetic */ b(byte b) {
            this();
        }

        @Override // defpackage.wqe
        public final ReferenceCountedOpenSslEngine a(long j) {
            return this.a.remove(Long.valueOf(j));
        }

        @Override // defpackage.wqe
        public final void a(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            this.a.put(Long.valueOf(referenceCountedOpenSslEngine.a()), referenceCountedOpenSslEngine);
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        k = Collections.unmodifiableList(arrayList);
        if (i.c()) {
            i.b("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: wqq.4
                @Override // java.security.PrivilegedAction
                public final /* synthetic */ String run() {
                    return wud.b("jdk.tls.ephemeralDHKeySize");
                }
            });
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    i.b("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        l = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public wqq(Iterable<String> iterable, wpk wpkVar, ApplicationProtocolConfig applicationProtocolConfig, long j2, long j3, int i2, Certificate[] certificateArr, ClientAuth clientAuth, boolean z, boolean z2) {
        this(iterable, wpkVar, a(applicationProtocolConfig), j2, j3, i2, certificateArr, clientAuth, z, z2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public wqq(Iterable<String> iterable, wpk wpkVar, wpz wpzVar, long j2, long j3, int i2, Certificate[] certificateArr, ClientAuth clientAuth, boolean z, boolean z2) {
        super(z);
        String next;
        this.r = new wrk() { // from class: wqq.2
            @Override // defpackage.wrx
            public final wrx b(Object obj) {
                if (wqq.this.q != null) {
                    wqq.this.q.a(obj);
                }
                return wqq.this;
            }

            @Override // defpackage.wrk
            public final void d() {
                wqq.this.d();
                if (wqq.this.q != null) {
                    wqq.this.q.b();
                }
            }
        };
        byte b2 = 0;
        this.e = new b(b2);
        wpy.b();
        if (i2 != 1 && i2 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        ArrayList arrayList = null;
        this.q = z2 ? m.a((ResourceLeakDetector<wqq>) this) : null;
        this.p = i2;
        this.d = e() ? (ClientAuth) wtz.a(clientAuth, "clientAuth") : ClientAuth.NONE;
        if (i2 == 1) {
            this.f = j;
        }
        this.c = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String a2 = wpj.a(next);
                if (a2 != null) {
                    next = a2;
                }
                arrayList.add(next);
            }
        }
        this.o = Arrays.asList(((wpk) wtz.a(wpkVar, "cipherFilter")).a(arrayList, k, wpy.c()));
        this.b = (wpz) wtz.a(wpzVar, "apn");
        this.n = Pool.create(0L);
        try {
            synchronized (wqq.class) {
                try {
                    try {
                        this.a = SSLContext.make(this.n, 31, i2);
                        SSLContext.setOptions(this.a, 4095);
                        SSLContext.setOptions(this.a, 16777216);
                        SSLContext.setOptions(this.a, 33554432);
                        SSLContext.setOptions(this.a, 4194304);
                        SSLContext.setOptions(this.a, 524288);
                        SSLContext.setOptions(this.a, 1048576);
                        SSLContext.setOptions(this.a, 65536);
                        SSLContext.setOptions(this.a, 16384);
                        SSLContext.setMode(this.a, SSLContext.getMode(this.a) | 2);
                        if (l != null) {
                            SSLContext.setTmpDHLength(this.a, l.intValue());
                        }
                        try {
                            SSLContext.setCipherSuite(this.a, wpj.a(this.o));
                            List<String> a3 = wpzVar.a();
                            if (!a3.isEmpty()) {
                                String[] strArr = (String[]) a3.toArray(new String[a3.size()]);
                                int i3 = AnonymousClass5.b[wpzVar.c().ordinal()];
                                if (i3 != 1) {
                                    if (i3 != 2) {
                                        throw new Error();
                                    }
                                    b2 = 1;
                                }
                                int i4 = AnonymousClass5.a[wpzVar.b().ordinal()];
                                if (i4 == 1) {
                                    SSLContext.setNpnProtos(this.a, strArr, b2);
                                } else if (i4 == 2) {
                                    SSLContext.setAlpnProtos(this.a, strArr, b2);
                                } else {
                                    if (i4 != 3) {
                                        throw new Error();
                                    }
                                    SSLContext.setNpnProtos(this.a, strArr, b2);
                                    SSLContext.setAlpnProtos(this.a, strArr, b2);
                                }
                            }
                            if (j2 > 0) {
                                SSLContext.setSessionCacheSize(this.a, j2);
                            } else {
                                SSLContext.setSessionCacheSize(this.a, SSLContext.setSessionCacheSize(this.a, 20480L));
                            }
                            if (j3 > 0) {
                                SSLContext.setSessionCacheTimeout(this.a, j3);
                            } else {
                                SSLContext.setSessionCacheTimeout(this.a, SSLContext.setSessionCacheTimeout(this.a, 300L));
                            }
                        } catch (SSLException e) {
                            throw e;
                        } catch (Exception e2) {
                            throw new SSLException("failed to set cipher suite: " + this.o, e2);
                        }
                    } catch (Exception e3) {
                        throw new SSLException("failed to create an SSL_CTX", e3);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            B();
            throw th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(PrivateKey privateKey) {
        if (privateKey == null) {
            return 0L;
        }
        wjl wjlVar = wjl.a;
        wqm a2 = PemPrivateKey.a(wjlVar, true, privateKey);
        try {
            return a(wjlVar, a2.c());
        } finally {
            a2.B();
        }
    }

    private static long a(wjk wjkVar) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int g = wjkVar.g();
            if (SSL.writeToBIO(newMemBIO, wpy.a(wjkVar) + wjkVar.c(), g) == g) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            wjkVar.B();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(wjl wjlVar, wqm wqmVar) {
        try {
            wjk a2 = wqmVar.a();
            if (a2.G()) {
                return a(a2.u());
            }
            wjk d = wjlVar.d(a2.g());
            try {
                d.a(a2, a2.c(), a2.g());
                long a3 = a(d.u());
                try {
                    if (wqmVar.b()) {
                        wqw.a(d);
                    }
                    return a3;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (wqmVar.b()) {
                        wqw.a(d);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            wqmVar.B();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(X509Certificate... x509CertificateArr) {
        wjl wjlVar = wjl.a;
        wqm a2 = PemX509Certificate.a(wjlVar, true, x509CertificateArr);
        try {
            return a(wjlVar, a2.c());
        } finally {
            a2.B();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static wpz a(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return s;
        }
        int i2 = AnonymousClass5.a[applicationProtocolConfig.b.ordinal()];
        if (i2 != 1 && i2 != 2 && i2 != 3) {
            if (i2 == 4) {
                return s;
            }
            throw new Error();
        }
        int i3 = AnonymousClass5.c[applicationProtocolConfig.d.ordinal()];
        if (i3 != 1 && i3 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.d + " behavior");
        }
        int i4 = AnonymousClass5.b[applicationProtocolConfig.c.ordinal()];
        if (i4 == 1 || i4 == 2) {
            return new wqc(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j2) {
        if (j2 != 0) {
            SSL.freeBIO(j2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Not initialized variable reg: 4, insn: 0x0082: MOVE (r1 I:??[long, double]) = (r4 I:??[long, double]), block:B:53:0x0081 */
    /* JADX WARN: Removed duplicated region for block: B:31:0x008f  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void a(long r17, java.security.cert.X509Certificate[] r19, java.security.PrivateKey r20, java.lang.String r21) {
        /*
            r1 = 0
            r3 = 0
            wjl r0 = defpackage.wjl.a     // Catch: java.lang.Throwable -> L6d java.lang.Exception -> L71 javax.net.ssl.SSLException -> L7c
            r4 = 1
            r5 = r19
            wqm r3 = io.netty.handler.ssl.PemX509Certificate.a(r0, r4, r5)     // Catch: java.lang.Throwable -> L6d java.lang.Exception -> L71 javax.net.ssl.SSLException -> L7c
            wjl r0 = defpackage.wjl.a     // Catch: java.lang.Throwable -> L6d java.lang.Exception -> L71 javax.net.ssl.SSLException -> L7c
            wqm r5 = r3.c()     // Catch: java.lang.Throwable -> L6d java.lang.Exception -> L71 javax.net.ssl.SSLException -> L7c
            long r13 = a(r0, r5)     // Catch: java.lang.Throwable -> L6d java.lang.Exception -> L71 javax.net.ssl.SSLException -> L7c
            wjl r0 = defpackage.wjl.a     // Catch: java.lang.Throwable -> L64 java.lang.Exception -> L67 javax.net.ssl.SSLException -> L6a
            wqm r5 = r3.c()     // Catch: java.lang.Throwable -> L64 java.lang.Exception -> L67 javax.net.ssl.SSLException -> L6a
            long r10 = a(r0, r5)     // Catch: java.lang.Throwable -> L64 java.lang.Exception -> L67 javax.net.ssl.SSLException -> L6a
            if (r20 == 0) goto L35
            long r1 = a(r20)     // Catch: java.lang.Throwable -> L27 java.lang.Exception -> L2b javax.net.ssl.SSLException -> L30
            goto L35
        L27:
            r0 = move-exception
            r4 = r10
            goto L84
        L2b:
            r0 = move-exception
            r4 = r1
            r1 = r10
            goto L74
        L30:
            r0 = move-exception
            r4 = r1
            r1 = r10
            goto L7f
        L35:
            if (r21 != 0) goto L3b
            java.lang.String r0 = ""
            r12 = r0
            goto L3d
        L3b:
            r12 = r21
        L3d:
            r6 = r17
            r8 = r13
            r4 = r10
            r10 = r1
            org.apache.tomcat.jni.SSLContext.setCertificateBio(r6, r8, r10, r12)     // Catch: java.lang.Throwable -> L58 java.lang.Exception -> L5a javax.net.ssl.SSLException -> L5f
            r0 = 1
            org.apache.tomcat.jni.SSLContext.setCertificateChainBio(r6, r4, r0)     // Catch: java.lang.Throwable -> L58 java.lang.Exception -> L5a javax.net.ssl.SSLException -> L5f
            a(r1)
            a(r13)
            a(r4)
            if (r3 == 0) goto L57
            r3.B()
        L57:
            return
        L58:
            r0 = move-exception
            goto L84
        L5a:
            r0 = move-exception
            r15 = r1
            r1 = r4
            r4 = r15
            goto L74
        L5f:
            r0 = move-exception
            r15 = r1
            r1 = r4
            r4 = r15
            goto L7f
        L64:
            r0 = move-exception
            r4 = r1
            goto L84
        L67:
            r0 = move-exception
            r4 = r1
            goto L74
        L6a:
            r0 = move-exception
            r4 = r1
            goto L7f
        L6d:
            r0 = move-exception
            r4 = r1
            r13 = r4
            goto L84
        L71:
            r0 = move-exception
            r4 = r1
            r13 = r4
        L74:
            javax.net.ssl.SSLException r6 = new javax.net.ssl.SSLException     // Catch: java.lang.Throwable -> L80
            java.lang.String r7 = "failed to set certificate and key"
            r6.<init>(r7, r0)     // Catch: java.lang.Throwable -> L80
            throw r6     // Catch: java.lang.Throwable -> L80
        L7c:
            r0 = move-exception
            r4 = r1
            r13 = r4
        L7f:
            throw r0     // Catch: java.lang.Throwable -> L80
        L80:
            r0 = move-exception
            r15 = r1
            r1 = r4
            r4 = r15
        L84:
            a(r1)
            a(r13)
            a(r4)
            if (r3 == 0) goto L92
            r3.B()
        L92:
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: defpackage.wqq.a(long, java.security.cert.X509Certificate[], java.security.PrivateKey, java.lang.String):void");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509KeyManager x509KeyManager) {
        return PlatformDependent.c() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return PlatformDependent.c() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    @Override // defpackage.wrx
    public final boolean B() {
        return this.r.B();
    }

    @Override // defpackage.wqs
    public final SSLEngine a(wjl wjlVar, String str, int i2) {
        return b(wjlVar, str, i2);
    }

    @Override // defpackage.wqs
    public final boolean a() {
        return this.p == 0;
    }

    SSLEngine b(wjl wjlVar, String str, int i2) {
        return new ReferenceCountedOpenSslEngine(this, wjlVar, str, i2, true);
    }

    public abstract wqk b();

    @Override // defpackage.wrx
    public final wrx b(Object obj) {
        this.r.b(obj);
        return this;
    }

    public abstract wqh c();

    final void d() {
        synchronized (wqq.class) {
            if (this.a != 0) {
                SSLContext.free(this.a);
                this.a = 0L;
            }
            if (this.n != 0) {
                Pool.destroy(this.n);
                this.n = 0L;
            }
        }
    }

    @Override // defpackage.wrx
    public final int z() {
        return this.r.z();
    }
}
