package io.netty.handler.ssl;

import com.squareup.okhttp.HttpUrl;
import defpackage.ch;
import defpackage.dh;
import defpackage.ih;
import defpackage.tg;
import defpackage.zg;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.AbstractReferenceCounted;
import io.netty.util.ReferenceCounted;
import io.netty.util.ResourceLeak;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.ResourceLeakDetectorFactory;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: classes2.dex */
public abstract class ReferenceCountedOpenSslContext extends SslContext implements ReferenceCounted {
    public static final InternalLogger n;
    public static final boolean o;
    public static final List<String> p;
    public static final Integer u;
    public static final ResourceLeakDetector<ReferenceCountedOpenSslContext> v;
    public static final OpenSslApplicationProtocolNegotiator w;
    public volatile long c;
    public long d;
    public final List<String> e;
    public final OpenSslApplicationProtocolNegotiator f;
    public final int g;
    public final ResourceLeak h;
    public final AbstractReferenceCounted i;
    public final Certificate[] j;
    public final ClientAuth k;
    public final zg l;
    public volatile boolean m;

    /* loaded from: classes2.dex */
    public static class a implements PrivilegedAction<Boolean> {
        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Boolean run() {
            return Boolean.valueOf(SystemPropertyUtil.d("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    }

    /* loaded from: classes2.dex */
    public class b extends AbstractReferenceCounted {
        public b() {
        }

        @Override // io.netty.util.AbstractReferenceCounted
        public void deallocate() {
            ReferenceCountedOpenSslContext.this.w();
            if (ReferenceCountedOpenSslContext.this.h != null) {
                ReferenceCountedOpenSslContext.this.h.close();
            }
        }
    }

    /* loaded from: classes2.dex */
    public static class c implements OpenSslApplicationProtocolNegotiator {
        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.SelectorFailureBehavior b() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.Protocol c() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }

        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiator
        public List<String> d() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior f() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }
    }

    /* loaded from: classes2.dex */
    public static class d implements PrivilegedAction<String> {
        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public String run() {
            return SystemPropertyUtil.b("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* loaded from: classes2.dex */
    public static /* synthetic */ class e {
        public static final /* synthetic */ int[] a;
        public static final /* synthetic */ int[] b;
        public static final /* synthetic */ int[] c;

        static {
            int[] iArr = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            c = iArr;
            try {
                iArr[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            b = iArr2;
            try {
                iArr2[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[ApplicationProtocolConfig.Protocol.values().length];
            a = iArr3;
            try {
                iArr3[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes2.dex */
    public static abstract class f implements CertificateVerifier {
        public f(zg zgVar) {
        }
    }

    /* loaded from: classes2.dex */
    public static final class g implements zg {
        public final Map<Long, ReferenceCountedOpenSslEngine> a;

        public g() {
            this.a = PlatformDependent.Y();
        }

        public /* synthetic */ g(a aVar) {
            this();
        }

        @Override // defpackage.zg
        public void a(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            this.a.put(Long.valueOf(referenceCountedOpenSslEngine.P()), referenceCountedOpenSslEngine);
        }

        @Override // defpackage.zg
        public ReferenceCountedOpenSslEngine b(long j) {
            return this.a.remove(Long.valueOf(j));
        }
    }

    static {
        InternalLogger b2 = InternalLoggerFactory.b(ReferenceCountedOpenSslContext.class);
        n = b2;
        o = ((Boolean) AccessController.doPrivileged(new a())).booleanValue();
        v = ResourceLeakDetectorFactory.b().c(ReferenceCountedOpenSslContext.class);
        w = new c();
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        p = Collections.unmodifiableList(arrayList);
        if (b2.isDebugEnabled()) {
            b2.debug("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new d());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    n.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        u = num;
    }

    public ReferenceCountedOpenSslContext(Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, boolean z, boolean z2) throws SSLException {
        this(iterable, cipherSuiteFilter, O(applicationProtocolConfig), j, j2, i, certificateArr, clientAuth, z, z2);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public ReferenceCountedOpenSslContext(Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, OpenSslApplicationProtocolNegotiator openSslApplicationProtocolNegotiator, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, boolean z, boolean z2) throws SSLException {
        super(z);
        ClientAuth clientAuth2;
        String next;
        this.i = new b();
        ArrayList arrayList = null;
        this.l = new g(0 == true ? 1 : 0);
        OpenSsl.c();
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.h = z2 ? v.h(this) : null;
        this.g = i;
        if (k()) {
            ObjectUtil.a(clientAuth, "clientAuth");
            clientAuth2 = clientAuth;
        } else {
            clientAuth2 = ClientAuth.NONE;
        }
        this.k = clientAuth2;
        if (i == 1) {
            this.m = o;
        }
        this.j = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String i2 = tg.i(next);
                if (i2 != null) {
                    next = i2;
                }
                arrayList.add(next);
            }
        }
        ObjectUtil.a(cipherSuiteFilter, "cipherFilter");
        List<String> asList = Arrays.asList(cipherSuiteFilter.a(arrayList, p, OpenSsl.a()));
        this.e = asList;
        ObjectUtil.a(openSslApplicationProtocolNegotiator, "apn");
        this.f = openSslApplicationProtocolNegotiator;
        this.d = Pool.create(0L);
        try {
            synchronized (ReferenceCountedOpenSslContext.class) {
                try {
                    try {
                        this.c = SSLContext.make(this.d, 31, i);
                        SSLContext.setOptions(this.c, 4095);
                        SSLContext.setOptions(this.c, 16777216);
                        SSLContext.setOptions(this.c, 33554432);
                        SSLContext.setOptions(this.c, 4194304);
                        SSLContext.setOptions(this.c, 524288);
                        SSLContext.setOptions(this.c, 1048576);
                        SSLContext.setOptions(this.c, 65536);
                        SSLContext.setOptions(this.c, 16384);
                        SSLContext.setMode(this.c, SSLContext.getMode(this.c) | 2);
                        Integer num = u;
                        if (num != null) {
                            SSLContext.setTmpDHLength(this.c, num.intValue());
                        }
                        try {
                            try {
                                SSLContext.setCipherSuite(this.c, tg.h(asList));
                                List<String> d2 = openSslApplicationProtocolNegotiator.d();
                                if (!d2.isEmpty()) {
                                    String[] strArr = (String[]) d2.toArray(new String[d2.size()]);
                                    int F = F(openSslApplicationProtocolNegotiator.b());
                                    int i3 = e.a[openSslApplicationProtocolNegotiator.c().ordinal()];
                                    if (i3 == 1) {
                                        SSLContext.setNpnProtos(this.c, strArr, F);
                                    } else if (i3 == 2) {
                                        SSLContext.setAlpnProtos(this.c, strArr, F);
                                    } else {
                                        if (i3 != 3) {
                                            throw new Error();
                                        }
                                        SSLContext.setNpnProtos(this.c, strArr, F);
                                        SSLContext.setAlpnProtos(this.c, strArr, F);
                                    }
                                }
                                if (j > 0) {
                                    SSLContext.setSessionCacheSize(this.c, j);
                                } else {
                                    SSLContext.setSessionCacheSize(this.c, SSLContext.setSessionCacheSize(this.c, 20480L));
                                }
                                if (j2 > 0) {
                                    SSLContext.setSessionCacheTimeout(this.c, j2);
                                } else {
                                    SSLContext.setSessionCacheTimeout(this.c, SSLContext.setSessionCacheTimeout(this.c, 300L));
                                }
                            } catch (Exception e2) {
                                throw new SSLException("failed to set cipher suite: " + this.e, e2);
                            }
                        } catch (SSLException e3) {
                            throw e3;
                        }
                    } catch (Exception e4) {
                        throw new SSLException("failed to create an SSL_CTX", e4);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    public static long B(ByteBuf byteBuf) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int C1 = byteBuf.C1();
            if (SSL.writeToBIO(newMemBIO, OpenSsl.i(byteBuf) + byteBuf.D1(), C1) == C1) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            byteBuf.release();
        }
    }

    public static int F(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        int i = e.b[selectorFailureBehavior.ordinal()];
        if (i == 1) {
            return 0;
        }
        if (i == 2) {
            return 1;
        }
        throw new Error();
    }

    public static void J(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j2;
        long j3;
        long j4 = 0;
        dh dhVar = null;
        try {
            try {
                ByteBufAllocator byteBufAllocator = ByteBufAllocator.a;
                dhVar = PemX509Certificate.toPEM(byteBufAllocator, true, x509CertificateArr);
                j3 = L(byteBufAllocator, dhVar.retain());
                try {
                    long L = L(byteBufAllocator, dhVar.retain());
                    if (privateKey != null) {
                        try {
                            j4 = M(privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j2 = L;
                            y(j4);
                            y(j3);
                            y(j2);
                            if (dhVar != null) {
                                dhVar.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, j3, j4, str == null ? HttpUrl.FRAGMENT_ENCODE_SET : str);
                        SSLContext.setCertificateChainBio(j, L, true);
                        y(j4);
                        y(j3);
                        y(L);
                        if (dhVar != null) {
                            dhVar.release();
                        }
                    } catch (SSLException e4) {
                    } catch (Exception e5) {
                        e = e5;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e6) {
                } catch (Exception e7) {
                    e = e7;
                } catch (Throwable th2) {
                    th = th2;
                    j2 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e8) {
            throw e8;
        } catch (Exception e9) {
            e = e9;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    public static long L(ByteBufAllocator byteBufAllocator, dh dhVar) throws Exception {
        try {
            ByteBuf content = dhVar.content();
            if (content.Z0()) {
                return B(content.V1().retain());
            }
            ByteBuf j = byteBufAllocator.j(content.C1());
            try {
                j.g2(content, content.D1(), content.C1());
                long B = B(j.V1().retain());
                try {
                    if (dhVar.isSensitive()) {
                        ih.d(j);
                    }
                    return B;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (dhVar.isSensitive()) {
                        ih.d(j);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            dhVar.release();
        }
    }

    public static long M(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        ByteBufAllocator byteBufAllocator = ByteBufAllocator.a;
        dh pem = PemPrivateKey.toPEM(byteBufAllocator, true, privateKey);
        try {
            return L(byteBufAllocator, pem.retain());
        } finally {
            pem.release();
        }
    }

    public static long N(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        ByteBufAllocator byteBufAllocator = ByteBufAllocator.a;
        dh pem = PemX509Certificate.toPEM(byteBufAllocator, true, x509CertificateArr);
        try {
            return L(byteBufAllocator, pem.retain());
        } finally {
            pem.release();
        }
    }

    public static OpenSslApplicationProtocolNegotiator O(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return w;
        }
        int i = e.a[applicationProtocolConfig.a().ordinal()];
        if (i != 1 && i != 2 && i != 3) {
            if (i == 4) {
                return w;
            }
            throw new Error();
        }
        int i2 = e.c[applicationProtocolConfig.b().ordinal()];
        if (i2 != 1 && i2 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " behavior");
        }
        int i3 = e.b[applicationProtocolConfig.c().ordinal()];
        if (i3 == 1 || i3 == 2) {
            return new OpenSslDefaultApplicationProtocolNegotiator(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
    }

    public static boolean P(X509KeyManager x509KeyManager) {
        return PlatformDependent.P() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    public static boolean Q(X509TrustManager x509TrustManager) {
        return PlatformDependent.P() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    public static X509TrustManager u(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager v(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static void y(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    public abstract ch A();

    public final SSLEngine C(ByteBufAllocator byteBufAllocator, String str, int i) {
        return E(byteBufAllocator, str, i);
    }

    public SSLEngine E(ByteBufAllocator byteBufAllocator, String str, int i) {
        return new ReferenceCountedOpenSslEngine(this, byteBufAllocator, str, i, true);
    }

    public abstract OpenSslSessionContext H();

    @Override // io.netty.handler.ssl.SslContext
    public final boolean j() {
        return this.g == 0;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine l(ByteBufAllocator byteBufAllocator) {
        return C(byteBufAllocator, null, -1);
    }

    @Override // io.netty.util.ReferenceCounted
    public final int refCnt() {
        return this.i.refCnt();
    }

    @Override // io.netty.util.ReferenceCounted
    public final boolean release() {
        return this.i.release();
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted retain() {
        this.i.retain();
        return this;
    }

    public ApplicationProtocolNegotiator t() {
        return this.f;
    }

    public final void w() {
        synchronized (ReferenceCountedOpenSslContext.class) {
            if (this.c != 0) {
                SSLContext.free(this.c);
                this.c = 0L;
            }
            long j = this.d;
            if (j != 0) {
                Pool.destroy(j);
                this.d = 0L;
            }
        }
    }
}
