package io.netty.handler.ssl;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.internal.PlatformDependent;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes5.dex */
public abstract class h0 extends j0 implements io.netty.util.o {
    private static final List<String> o;
    private static final Integer p;
    protected volatile long b;

    /* renamed from: c, reason: collision with root package name */
    long f23518c;

    /* renamed from: d, reason: collision with root package name */
    private final List<String> f23519d;

    /* renamed from: e, reason: collision with root package name */
    private final s f23520e;

    /* renamed from: f, reason: collision with root package name */
    private final int f23521f;

    /* renamed from: g, reason: collision with root package name */
    private final io.netty.util.p f23522g;

    /* renamed from: h, reason: collision with root package name */
    private final io.netty.util.b f23523h;

    /* renamed from: i, reason: collision with root package name */
    final Certificate[] f23524i;
    final ClientAuth j;
    final x k;
    volatile boolean l;
    private static final io.netty.util.internal.logging.b m = io.netty.util.internal.logging.c.b(h0.class);
    private static final boolean n = io.netty.util.internal.o.d("jdk.tls.rejectClientInitiatedRenegotiation", false);
    private static final ResourceLeakDetector<h0> q = io.netty.util.q.b().c(h0.class);
    static final s r = new b();

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    class a extends io.netty.util.b {
        a() {
        }

        @Override // io.netty.util.b
        protected void deallocate() {
            h0.this.u();
            if (h0.this.f23522g != null) {
                h0.this.f23522g.close();
            }
        }

        @Override // io.netty.util.o
        public io.netty.util.o touch(Object obj) {
            if (h0.this.f23522g != null) {
                h0.this.f23522g.a(obj);
            }
            return h0.this;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    static class b implements s {
        b() {
        }

        @Override // io.netty.handler.ssl.s
        public ApplicationProtocolConfig.SelectorFailureBehavior a() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.a
        public List<String> b() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.s
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior d() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }

        @Override // io.netty.handler.ssl.s
        public ApplicationProtocolConfig.Protocol protocol() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    static class c implements PrivilegedAction<String> {
        c() {
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public String run() {
            return io.netty.util.internal.o.b("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class d {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f23526a;
        static final /* synthetic */ int[] b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f23527c;

        static {
            int[] iArr = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            f23527c = iArr;
            try {
                iArr[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f23527c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            b = iArr2;
            try {
                iArr2[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[ApplicationProtocolConfig.Protocol.values().length];
            f23526a = iArr3;
            try {
                iArr3[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f23526a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f23526a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f23526a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    public static abstract class e implements CertificateVerifier {
        /* JADX INFO: Access modifiers changed from: package-private */
        public e(x xVar) {
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    private static final class f implements x {

        /* renamed from: a, reason: collision with root package name */
        private final Map<Long, ReferenceCountedOpenSslEngine> f23528a;

        private f() {
            this.f23528a = PlatformDependent.e0();
        }

        /* synthetic */ f(a aVar) {
            this();
        }

        @Override // io.netty.handler.ssl.x
        public ReferenceCountedOpenSslEngine a(long j) {
            return this.f23528a.remove(Long.valueOf(j));
        }

        @Override // io.netty.handler.ssl.x
        public void b(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            this.f23528a.put(Long.valueOf(referenceCountedOpenSslEngine.K()), referenceCountedOpenSslEngine);
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA");
        o = Collections.unmodifiableList(arrayList);
        if (m.isDebugEnabled()) {
            m.debug("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new c());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    m.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        p = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public h0(Iterable<String> iterable, io.netty.handler.ssl.d dVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i2, Certificate[] certificateArr, ClientAuth clientAuth, boolean z) throws SSLException {
        this(iterable, dVar, F(applicationProtocolConfig), j, j2, i2, certificateArr, clientAuth, z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public h0(Iterable<String> iterable, io.netty.handler.ssl.d dVar, s sVar, long j, long j2, int i2, Certificate[] certificateArr, ClientAuth clientAuth, boolean z) throws SSLException {
        ClientAuth clientAuth2;
        String next;
        this.f23523h = new a();
        ArrayList arrayList = null;
        this.k = new f(0 == true ? 1 : 0);
        r.c();
        if (i2 != 1 && i2 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f23522g = z ? q.i(this) : null;
        this.f23521f = i2;
        if (k()) {
            io.netty.util.internal.l.a(clientAuth, "clientAuth");
            clientAuth2 = clientAuth;
        } else {
            clientAuth2 = ClientAuth.NONE;
        }
        this.j = clientAuth2;
        if (i2 == 1) {
            this.l = n;
        }
        this.f23524i = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String i3 = io.netty.handler.ssl.c.i(next);
                if (i3 != null) {
                    next = i3;
                }
                arrayList.add(next);
            }
        }
        io.netty.util.internal.l.a(dVar, "cipherFilter");
        this.f23519d = Arrays.asList(dVar.a(arrayList, o, r.a()));
        io.netty.util.internal.l.a(sVar, "apn");
        this.f23520e = sVar;
        this.f23518c = Pool.create(0L);
        try {
            synchronized (h0.class) {
                try {
                    try {
                        this.b = SSLContext.make(this.f23518c, 31, i2);
                        SSLContext.setOptions(this.b, 4095);
                        SSLContext.setOptions(this.b, 16777216);
                        SSLContext.setOptions(this.b, 33554432);
                        SSLContext.setOptions(this.b, 4194304);
                        SSLContext.setOptions(this.b, 524288);
                        SSLContext.setOptions(this.b, 1048576);
                        SSLContext.setOptions(this.b, 65536);
                        SSLContext.setOptions(this.b, 16384);
                        SSLContext.setMode(this.b, SSLContext.getMode(this.b) | 2);
                        if (p != null) {
                            SSLContext.setTmpDHLength(this.b, p.intValue());
                        }
                        try {
                            SSLContext.setCipherSuite(this.b, io.netty.handler.ssl.c.h(this.f23519d));
                            List<String> b2 = sVar.b();
                            if (!b2.isEmpty()) {
                                String[] strArr = (String[]) b2.toArray(new String[b2.size()]);
                                int z2 = z(sVar.a());
                                int i4 = d.f23526a[sVar.protocol().ordinal()];
                                if (i4 == 1) {
                                    SSLContext.setNpnProtos(this.b, strArr, z2);
                                } else if (i4 == 2) {
                                    SSLContext.setAlpnProtos(this.b, strArr, z2);
                                } else {
                                    if (i4 != 3) {
                                        throw new Error();
                                    }
                                    SSLContext.setNpnProtos(this.b, strArr, z2);
                                    SSLContext.setAlpnProtos(this.b, strArr, z2);
                                }
                            }
                            if (j > 0) {
                                SSLContext.setSessionCacheSize(this.b, j);
                            } else {
                                SSLContext.setSessionCacheSize(this.b, SSLContext.setSessionCacheSize(this.b, 20480L));
                            }
                            if (j2 > 0) {
                                SSLContext.setSessionCacheTimeout(this.b, j2);
                            } else {
                                SSLContext.setSessionCacheTimeout(this.b, SSLContext.setSessionCacheTimeout(this.b, 300L));
                            }
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            throw new SSLException("failed to set cipher suite: " + this.f23519d, e3);
                        }
                    } catch (Exception e4) {
                        throw new SSLException("failed to create an SSL_CTX", e4);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void B(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j2;
        long j3;
        long j4 = 0;
        e0 e0Var = null;
        try {
            try {
                e0Var = PemX509Certificate.toPEM(io.netty.buffer.k.f23224a, true, x509CertificateArr);
                j2 = C(io.netty.buffer.k.f23224a, e0Var.m696retain());
            } catch (Throwable th) {
                th = th;
            }
        } catch (SSLException e2) {
            throw e2;
        } catch (Exception e3) {
            e = e3;
        } catch (Throwable th2) {
            th = th2;
            j2 = 0;
            j3 = 0;
        }
        try {
            long C = C(io.netty.buffer.k.f23224a, e0Var.m696retain());
            if (privateKey != null) {
                try {
                    j4 = D(privateKey);
                } catch (SSLException e4) {
                    throw e4;
                } catch (Exception e5) {
                    e = e5;
                    throw new SSLException("failed to set certificate and key", e);
                }
            }
            SSLContext.setCertificateBio(j, j2, j4, str == null ? "" : str);
            SSLContext.setCertificateChainBio(j, C, false);
            v(j4);
            v(j2);
            v(C);
            if (e0Var != null) {
                e0Var.release();
            }
        } catch (SSLException e6) {
            throw e6;
        } catch (Exception e7) {
            e = e7;
        } catch (Throwable th3) {
            th = th3;
            j3 = 0;
            v(0L);
            v(j2);
            v(j3);
            if (e0Var != null) {
                e0Var.release();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long C(io.netty.buffer.k kVar, e0 e0Var) throws Exception {
        try {
            io.netty.buffer.j content = e0Var.content();
            if (content.k0()) {
                return x(content.F0());
            }
            io.netty.buffer.j f2 = kVar.f(content.z0());
            try {
                f2.a1(content, content.A0(), content.z0());
                long x = x(f2.F0());
                try {
                    if (e0Var.isSensitive()) {
                        p0.d(f2);
                    }
                    return x;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (e0Var.isSensitive()) {
                        p0.d(f2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            e0Var.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long D(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        io.netty.buffer.k kVar = io.netty.buffer.k.f23224a;
        e0 pem = PemPrivateKey.toPEM(kVar, true, privateKey);
        try {
            return C(kVar, pem.m696retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long E(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        io.netty.buffer.k kVar = io.netty.buffer.k.f23224a;
        e0 pem = PemX509Certificate.toPEM(kVar, true, x509CertificateArr);
        try {
            return C(kVar, pem.m696retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static s F(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return r;
        }
        int i2 = d.f23526a[applicationProtocolConfig.a().ordinal()];
        if (i2 != 1 && i2 != 2 && i2 != 3) {
            if (i2 == 4) {
                return r;
            }
            throw new Error();
        }
        int i3 = d.f23527c[applicationProtocolConfig.b().ordinal()];
        if (i3 != 1 && i3 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " behavior");
        }
        int i4 = d.b[applicationProtocolConfig.c().ordinal()];
        if (i4 == 1 || i4 == 2) {
            return new v(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean G(X509KeyManager x509KeyManager) {
        return PlatformDependent.V() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean H(X509TrustManager x509TrustManager) {
        return PlatformDependent.V() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager s(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager t(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void v(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    private static long x(io.netty.buffer.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int z0 = jVar.z0();
            if (SSL.writeToBIO(newMemBIO, r.j(jVar) + jVar.A0(), z0) == z0) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    private static int z(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        int i2 = d.b[selectorFailureBehavior.ordinal()];
        if (i2 == 1) {
            return 0;
        }
        if (i2 == 2) {
            return 1;
        }
        throw new Error();
    }

    public abstract d0 A();

    @Override // io.netty.handler.ssl.j0
    public final boolean j() {
        return this.f23521f == 0;
    }

    @Override // io.netty.handler.ssl.j0
    public final SSLEngine m(io.netty.buffer.k kVar, String str, int i2) {
        return y(kVar, str, i2);
    }

    public io.netty.handler.ssl.a r() {
        return this.f23520e;
    }

    @Override // io.netty.util.o
    public final int refCnt() {
        return this.f23523h.refCnt();
    }

    @Override // io.netty.util.o
    public final boolean release() {
        return this.f23523h.release();
    }

    @Override // io.netty.util.o
    public final boolean release(int i2) {
        return this.f23523h.release(i2);
    }

    @Override // io.netty.util.o
    public final io.netty.util.o touch(Object obj) {
        this.f23523h.touch(obj);
        return this;
    }

    final void u() {
        synchronized (h0.class) {
            if (this.b != 0) {
                SSLContext.free(this.b);
                this.b = 0L;
            }
            if (this.f23518c != 0) {
                Pool.destroy(this.f23518c);
                this.f23518c = 0L;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract a0 w();

    SSLEngine y(io.netty.buffer.k kVar, String str, int i2) {
        return new ReferenceCountedOpenSslEngine(this, kVar, str, i2, true);
    }
}
