package o.a.c.g;

import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import o.a.c.g.b;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes4.dex */
public abstract class w0 extends a1 implements o.a.e.y {

    /* renamed from: t, reason: collision with root package name */
    private static final List<String> f28941t;

    /* renamed from: u, reason: collision with root package name */
    private static final Integer f28942u;
    protected static final int w = 10;
    protected volatile long d;

    /* renamed from: e, reason: collision with root package name */
    long f28944e;
    private volatile int f;

    /* renamed from: g, reason: collision with root package name */
    private final List<String> f28945g;

    /* renamed from: h, reason: collision with root package name */
    private final long f28946h;
    private final long i;

    /* renamed from: j, reason: collision with root package name */
    private final z f28947j;

    /* renamed from: k, reason: collision with root package name */
    private final int f28948k;
    private final o.a.e.z l;
    private final o.a.e.b m;

    /* renamed from: n, reason: collision with root package name */
    final Certificate[] f28949n;

    /* renamed from: o, reason: collision with root package name */
    final i f28950o;

    /* renamed from: p, reason: collision with root package name */
    final f0 f28951p;

    /* renamed from: q, reason: collision with root package name */
    volatile boolean f28952q;

    /* renamed from: r, reason: collision with root package name */
    private static final o.a.e.m0.j0.f f28939r = o.a.e.m0.j0.g.a((Class<?>) w0.class);

    /* renamed from: s, reason: collision with root package name */
    private static final boolean f28940s = ((Boolean) AccessController.doPrivileged(new a())).booleanValue();

    /* renamed from: v, reason: collision with root package name */
    private static final o.a.e.a0<w0> f28943v = o.a.e.b0.b().a(w0.class);
    static final z x = new c();

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    static class a implements PrivilegedAction<Boolean> {
        a() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public Boolean run() {
            return Boolean.valueOf(o.a.e.m0.z.a("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    class b extends o.a.e.b {
        b() {
        }

        @Override // o.a.e.y, io.netty.channel.h1
        public o.a.e.y d(Object obj) {
            if (w0.this.l != null) {
                w0.this.l.a(obj);
            }
            return w0.this;
        }

        @Override // o.a.e.b
        protected void h() {
            w0.this.J();
            if (w0.this.l != null) {
                w0.this.l.close();
            }
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    static class c implements z {
        c() {
        }

        @Override // o.a.c.g.e
        public List<String> a() {
            return Collections.emptyList();
        }

        @Override // o.a.c.g.z
        public b.c b() {
            return b.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // o.a.c.g.z
        public b.EnumC0533b c() {
            return b.EnumC0533b.ACCEPT;
        }

        @Override // o.a.c.g.z
        public b.a protocol() {
            return b.a.NONE;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    static class d implements PrivilegedAction<String> {
        d() {
        }

        @Override // java.security.PrivilegedAction
        public String run() {
            return o.a.e.m0.z.b("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class e {
        static final /* synthetic */ int[] a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f28954b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f28955c = new int[b.EnumC0533b.values().length];

        static {
            try {
                f28955c[b.EnumC0533b.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f28955c[b.EnumC0533b.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            f28954b = new int[b.c.values().length];
            try {
                f28954b[b.c.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f28954b[b.c.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            a = new int[b.a.values().length];
            try {
                a[b.a.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                a[b.a.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                a[b.a.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                a[b.a.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static abstract class f implements CertificateVerifier {
        private final f0 a;

        /* JADX INFO: Access modifiers changed from: package-private */
        public f(f0 f0Var) {
            this.a = f0Var;
        }

        public final int a(long j2, byte[][] bArr, String str) {
            X509Certificate[] a = w0.a(bArr);
            x0 b2 = this.a.b(j2);
            try {
                a(b2, a, str);
                return 0;
            } catch (Throwable th) {
                w0.f28939r.e("verification of certificate failed", (Throwable) th);
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("General OpenSslEngine problem");
                sSLHandshakeException.initCause(th);
                b2.B = sSLHandshakeException;
                if (th instanceof a0) {
                    return th.a();
                }
                if (th instanceof CertificateExpiredException) {
                    return 10;
                }
                if (th instanceof CertificateNotYetValidException) {
                    return 9;
                }
                return (o.a.e.m0.r.v() < 7 || !(th instanceof CertificateRevokedException)) ? 1 : 23;
            }
        }

        abstract void a(x0 x0Var, X509Certificate[] x509CertificateArr, String str) throws Exception;
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    private static final class g implements f0 {
        private final Map<Long, x0> a;

        private g() {
            this.a = o.a.e.m0.r.B();
        }

        /* synthetic */ g(a aVar) {
            this();
        }

        @Override // o.a.c.g.f0
        public x0 a(long j2) {
            return this.a.remove(Long.valueOf(j2));
        }

        @Override // o.a.c.g.f0
        public void a(x0 x0Var) {
            this.a.put(Long.valueOf(x0Var.h()), x0Var);
        }

        @Override // o.a.c.g.f0
        public x0 b(long j2) {
            return this.a.get(Long.valueOf(j2));
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        f28941t = Collections.unmodifiableList(arrayList);
        if (f28939r.b()) {
            f28939r.b("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new d());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    f28939r.b("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        f28942u = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public w0(Iterable<String> iterable, h hVar, o.a.c.g.b bVar, long j2, long j3, int i, Certificate[] certificateArr, i iVar, boolean z, boolean z2) throws SSLException {
        this(iterable, hVar, a(bVar), j2, j3, i, certificateArr, iVar, z, z2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public w0(Iterable<String> iterable, h hVar, z zVar, long j2, long j3, int i, Certificate[] certificateArr, i iVar, boolean z, boolean z2) throws SSLException {
        super(z);
        String next;
        this.m = new b();
        ArrayList arrayList = null;
        this.f28951p = new g(0 == true ? 1 : 0);
        y.d();
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.l = z2 ? f28943v.a((o.a.e.a0<w0>) this) : null;
        this.f28948k = i;
        this.f28950o = j() ? (i) o.a.e.m0.o.a(iVar, "clientAuth") : i.NONE;
        if (i == 1) {
            this.f28952q = f28940s;
        }
        this.f28949n = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it2 = iterable.iterator();
            while (it2.hasNext() && (next = it2.next()) != null) {
                String e2 = o.a.c.g.g.e(next);
                if (e2 != null) {
                    next = e2;
                }
                arrayList.add(next);
            }
        }
        this.f28945g = Arrays.asList(((h) o.a.e.m0.o.a(hVar, "cipherFilter")).a(arrayList, f28941t, y.a()));
        this.f28947j = (z) o.a.e.m0.o.a(zVar, "apn");
        this.f28944e = Pool.create(0L);
        try {
            synchronized (w0.class) {
                try {
                    try {
                        this.d = SSLContext.make(this.f28944e, 31, i);
                        SSLContext.setOptions(this.d, 4095);
                        SSLContext.setOptions(this.d, 16777216);
                        SSLContext.setOptions(this.d, 33554432);
                        SSLContext.setOptions(this.d, 4194304);
                        SSLContext.setOptions(this.d, 524288);
                        SSLContext.setOptions(this.d, 1048576);
                        SSLContext.setOptions(this.d, 65536);
                        SSLContext.setOptions(this.d, 16384);
                        SSLContext.setMode(this.d, SSLContext.getMode(this.d) | 2);
                        if (f28942u != null) {
                            SSLContext.setTmpDHLength(this.d, f28942u.intValue());
                        }
                        try {
                            try {
                                SSLContext.setCipherSuite(this.d, o.a.c.g.g.a(this.f28945g));
                                List<String> a2 = zVar.a();
                                if (!a2.isEmpty()) {
                                    String[] strArr = (String[]) a2.toArray(new String[a2.size()]);
                                    int a3 = a(zVar.b());
                                    int i2 = e.a[zVar.protocol().ordinal()];
                                    if (i2 == 1) {
                                        SSLContext.setNpnProtos(this.d, strArr, a3);
                                    } else if (i2 == 2) {
                                        SSLContext.setAlpnProtos(this.d, strArr, a3);
                                    } else {
                                        if (i2 != 3) {
                                            throw new Error();
                                        }
                                        SSLContext.setNpnProtos(this.d, strArr, a3);
                                        SSLContext.setAlpnProtos(this.d, strArr, a3);
                                    }
                                }
                                if (j2 > 0) {
                                    this.f28946h = j2;
                                    SSLContext.setSessionCacheSize(this.d, j2);
                                } else {
                                    long sessionCacheSize = SSLContext.setSessionCacheSize(this.d, 20480L);
                                    this.f28946h = sessionCacheSize;
                                    SSLContext.setSessionCacheSize(this.d, sessionCacheSize);
                                }
                                if (j3 > 0) {
                                    this.i = j3;
                                    SSLContext.setSessionCacheTimeout(this.d, j3);
                                } else {
                                    long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.d, 300L);
                                    this.i = sessionCacheTimeout;
                                    SSLContext.setSessionCacheTimeout(this.d, sessionCacheTimeout);
                                }
                            } catch (SSLException e3) {
                                throw e3;
                            }
                        } catch (Exception e4) {
                            throw new SSLException("failed to set cipher suite: " + this.f28945g, e4);
                        }
                    } catch (Exception e5) {
                        throw new SSLException("failed to create an SSL_CTX", e5);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    private static int a(b.c cVar) {
        int i = e.f28954b[cVar.ordinal()];
        if (i == 1) {
            return 0;
        }
        if (i == 2) {
            return 1;
        }
        throw new Error();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        o.a.b.k kVar = o.a.b.k.a;
        q0 a2 = r0.a(kVar, true, privateKey);
        try {
            return a(kVar, a2.l());
        } finally {
            a2.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(o.a.b.k kVar, q0 q0Var) throws Exception {
        try {
            o.a.b.j u2 = q0Var.u();
            if (u2.u1()) {
                return e(u2.e2());
            }
            o.a.b.j e2 = kVar.e(u2.a2());
            try {
                e2.b(u2, u2.b2(), u2.a2());
                long e3 = e(e2.e2());
                try {
                    if (q0Var.d()) {
                        g1.a(e2);
                    }
                    return e3;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (q0Var.d()) {
                        g1.a(e2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            q0Var.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        o.a.b.k kVar = o.a.b.k.a;
        q0 a2 = u0.a(kVar, true, x509CertificateArr);
        try {
            return a(kVar, a2.l());
        } finally {
            a2.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static z a(o.a.c.g.b bVar) {
        if (bVar == null) {
            return x;
        }
        int i = e.a[bVar.a().ordinal()];
        if (i != 1 && i != 2 && i != 3) {
            if (i == 4) {
                return x;
            }
            throw new Error();
        }
        int i2 = e.f28955c[bVar.b().ordinal()];
        if (i2 != 1 && i2 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.b() + " behavior");
        }
        int i3 = e.f28954b[bVar.c().ordinal()];
        if (i3 == 1 || i3 == 2) {
            return new d0(bVar);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j2, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j3;
        long j4;
        long j5 = 0;
        q0 q0Var = null;
        try {
            try {
                q0Var = u0.a(o.a.b.k.a, true, x509CertificateArr);
                j4 = a(o.a.b.k.a, q0Var.l());
                try {
                    long a2 = a(o.a.b.k.a, q0Var.l());
                    if (privateKey != null) {
                        try {
                            j5 = a(privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j3 = a2;
                            b(j5);
                            b(j4);
                            b(j3);
                            if (q0Var != null) {
                                q0Var.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j2, j4, j5, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j2, a2, true);
                        b(j5);
                        b(j4);
                        b(a2);
                        if (q0Var != null) {
                            q0Var.release();
                        }
                    } catch (SSLException e4) {
                    } catch (Exception e5) {
                        e = e5;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e6) {
                } catch (Exception e7) {
                    e = e7;
                } catch (Throwable th2) {
                    th = th2;
                    j3 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e8) {
            throw e8;
        } catch (Exception e9) {
            e = e9;
        } catch (Throwable th4) {
            th = th4;
            j3 = 0;
            j4 = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509KeyManager x509KeyManager) {
        return o.a.e.m0.r.v() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return o.a.e.m0.r.v() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    protected static X509Certificate[] a(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr[i] = new p0(bArr[i]);
        }
        return x509CertificateArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void b(long j2) {
        if (j2 != 0) {
            SSL.freeBIO(j2);
        }
    }

    private static long e(o.a.b.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int a2 = jVar.a2();
            if (SSL.writeToBIO(newMemBIO, y.a(jVar) + jVar.b2(), a2) == a2) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    @Deprecated
    public final long G() {
        return this.d;
    }

    final void J() {
        synchronized (w0.class) {
            if (this.d != 0) {
                SSLContext.free(this.d);
                this.d = 0L;
            }
            if (this.f28944e != 0) {
                Pool.destroy(this.f28944e);
                this.f28944e = 0L;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract i0 K();

    public final long L() {
        return this.d;
    }

    @Deprecated
    public final n0 S() {
        return s().b();
    }

    @Override // o.a.e.y
    public final int a() {
        return this.m.a();
    }

    @Override // o.a.c.g.a1
    public final SSLEngine a(o.a.b.k kVar) {
        return a(kVar, (String) null, -1);
    }

    @Override // o.a.c.g.a1
    public final SSLEngine a(o.a.b.k kVar, String str, int i) {
        return c(kVar, str, i);
    }

    public void a(boolean z) {
        this.f28952q = z;
    }

    @Deprecated
    public final void a(byte[] bArr) {
        s().a(bArr);
    }

    @Override // o.a.e.y
    public final boolean a(int i) {
        return this.m.a(i);
    }

    @Override // o.a.c.g.a1
    public o.a.c.g.e b() {
        return this.f28947j;
    }

    SSLEngine c(o.a.b.k kVar, String str, int i) {
        return new x0(this, kVar, str, i, true);
    }

    @Override // o.a.e.y, io.netty.channel.h1
    public final o.a.e.y d(Object obj) {
        this.m.d(obj);
        return this;
    }

    @Override // o.a.c.g.a1
    public final List<String> h() {
        return this.f28945g;
    }

    @Override // o.a.c.g.a1
    public final boolean i() {
        return this.f28948k == 0;
    }

    @Override // o.a.e.y, io.netty.channel.h1
    public final o.a.e.y k() {
        this.m.k();
        return this;
    }

    @Override // o.a.e.y, io.netty.channel.h1
    public final o.a.e.y l() {
        this.m.l();
        return this;
    }

    @Override // o.a.c.g.a1
    public final long r() {
        return this.f28946h;
    }

    @Override // o.a.e.y
    public final boolean release() {
        return this.m.release();
    }

    @Override // o.a.e.y, io.netty.channel.h1
    public final o.a.e.y retain(int i) {
        this.m.retain(i);
        return this;
    }

    @Override // o.a.c.g.a1
    public abstract m0 s();

    @Override // o.a.c.g.a1
    public final long t() {
        return this.i;
    }
}
