package io.netty.handler.ssl;

import android.support.v4.view.ViewCompat;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSLContext;

/* compiled from: OpenSslContext.java */
/* loaded from: classes.dex */
public abstract class ag extends as {

    /* renamed from: a, reason: collision with root package name */
    protected static final int f6418a = 10;
    private static final io.netty.util.internal.logging.c c = io.netty.util.internal.logging.d.a((Class<?>) ag.class);
    private static final List<String> d;
    private static final AtomicIntegerFieldUpdater<ag> f;

    /* renamed from: b, reason: collision with root package name */
    protected final long f6419b;
    private final long g;
    private volatile int h;
    private final List<String> i;
    private final List<String> j;
    private final long k;
    private final long l;
    private final ad m;
    private final int n;

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "RC4-SHA");
        d = Collections.unmodifiableList(arrayList);
        if (c.d()) {
            c.b("Default cipher suite (OpenSSL): " + arrayList);
        }
        AtomicIntegerFieldUpdater<ag> b2 = io.netty.util.internal.q.b((Class<?>) ag.class, "h");
        if (b2 == null) {
            b2 = AtomicIntegerFieldUpdater.newUpdater(ag.class, "h");
        }
        f = b2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ag(Iterable<String> iterable, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i) throws SSLException {
        this(iterable, a(applicationProtocolConfig, i == 1), j, j2, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ag(Iterable<String> iterable, ad adVar, long j, long j2, int i) throws SSLException {
        String next;
        this.i = new ArrayList();
        this.j = Collections.unmodifiableList(this.i);
        ac.b();
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.n = i;
        Iterator<String> it = (iterable == null ? d : iterable).iterator();
        while (it.hasNext() && (next = it.next()) != null) {
            String a2 = c.a(next);
            if (a2 != null) {
                next = a2;
            }
            this.i.add(next);
        }
        this.m = (ad) io.netty.util.internal.m.a(adVar, "apn");
        this.g = Pool.create(0L);
        try {
            synchronized (ag.class) {
                try {
                    this.f6419b = SSLContext.make(this.g, 28, i);
                    SSLContext.setOptions(this.f6419b, 4095);
                    SSLContext.setOptions(this.f6419b, ViewCompat.MEASURED_STATE_TOO_SMALL);
                    SSLContext.setOptions(this.f6419b, 33554432);
                    SSLContext.setOptions(this.f6419b, 4194304);
                    SSLContext.setOptions(this.f6419b, 524288);
                    SSLContext.setOptions(this.f6419b, 1048576);
                    SSLContext.setOptions(this.f6419b, 65536);
                    try {
                        try {
                            SSLContext.setCipherSuite(this.f6419b, c.a(this.i));
                            List<String> a3 = adVar.a();
                            if (!a3.isEmpty()) {
                                StringBuilder sb = new StringBuilder();
                                Iterator<String> it2 = a3.iterator();
                                while (it2.hasNext()) {
                                    sb.append(it2.next());
                                    sb.append(io.netty.util.internal.z.c);
                                }
                                sb.setLength(sb.length() - 1);
                                SSLContext.setNextProtos(this.f6419b, sb.toString());
                            }
                            if (j > 0) {
                                this.k = j;
                                SSLContext.setSessionCacheSize(this.f6419b, j);
                            } else {
                                long sessionCacheSize = SSLContext.setSessionCacheSize(this.f6419b, 20480L);
                                this.k = sessionCacheSize;
                                SSLContext.setSessionCacheSize(this.f6419b, sessionCacheSize);
                            }
                            if (j2 > 0) {
                                this.l = j2;
                                SSLContext.setSessionCacheTimeout(this.f6419b, j2);
                            } else {
                                long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.f6419b, 300L);
                                this.l = sessionCacheTimeout;
                                SSLContext.setSessionCacheTimeout(this.f6419b, sessionCacheTimeout);
                            }
                        } catch (SSLException e) {
                            throw e;
                        }
                    } catch (Exception e2) {
                        throw new SSLException("failed to set cipher suite: " + this.i, e2);
                    }
                } catch (Exception e3) {
                    throw new SSLException("failed to create an SSL_CTX", e3);
                }
            }
        } catch (Throwable th) {
            k();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ad a(ApplicationProtocolConfig applicationProtocolConfig, boolean z) {
        if (applicationProtocolConfig == null) {
            return ah.f6422a;
        }
        switch (applicationProtocolConfig.b()) {
            case NONE:
                return ah.f6422a;
            case NPN:
                if (!z) {
                    throw new UnsupportedOperationException("OpenSSL provider does not support client mode");
                }
                switch (applicationProtocolConfig.d()) {
                    case CHOOSE_MY_LAST_PROTOCOL:
                        return new aj(applicationProtocolConfig.a());
                    default:
                        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.d() + " behavior");
                }
            default:
                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " protocol");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509Certificate[] a(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr[i] = new OpenSslX509Certificate(bArr[i]);
        }
        return x509CertificateArr;
    }

    @Override // io.netty.handler.ssl.as
    public final SSLEngine a(io.netty.b.g gVar) {
        List<String> a2 = h().a();
        return a2.isEmpty() ? new OpenSslEngine(this.f6419b, gVar, null, a(), c()) : new OpenSslEngine(this.f6419b, gVar, a2.get(a2.size() - 1), a(), c());
    }

    @Override // io.netty.handler.ssl.as
    public final SSLEngine a(io.netty.b.g gVar, String str, int i) {
        throw new UnsupportedOperationException();
    }

    @Deprecated
    public final void a(byte[] bArr) {
        c().b(bArr);
    }

    @Override // io.netty.handler.ssl.as
    public final boolean a() {
        return this.n == 0;
    }

    @Override // io.netty.handler.ssl.as
    /* renamed from: b */
    public abstract an c();

    @Override // io.netty.handler.ssl.as
    public final List<String> d() {
        return this.j;
    }

    @Override // io.netty.handler.ssl.as
    public final long e() {
        return this.k;
    }

    @Override // io.netty.handler.ssl.as
    public final long f() {
        return this.l;
    }

    protected final void finalize() throws Throwable {
        super.finalize();
        synchronized (ag.class) {
            if (this.f6419b != 0) {
                SSLContext.free(this.f6419b);
            }
        }
        k();
    }

    @Override // io.netty.handler.ssl.as
    public a h() {
        return this.m;
    }

    public final long i() {
        return this.f6419b;
    }

    @Deprecated
    public final ao j() {
        return c().b();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void k() {
        if (this.g == 0 || !f.compareAndSet(this, 0, 1)) {
            return;
        }
        Pool.destroy(this.g);
    }
}
