package io.netty.handler.ssl;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.internal.PlatformDependent;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.compress.archivers.zip.UnixStat;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;
import qm.a0;
import qm.f0;
import qm.g0;
import qm.s;
import qm.s0;
import qm.y;
import xm.v;
import xm.w;
import xm.x;

/* loaded from: classes7.dex */
public abstract class n extends p implements v {

    /* renamed from: q, reason: collision with root package name */
    public static final bn.b f32146q;

    /* renamed from: r, reason: collision with root package name */
    public static final boolean f32147r;

    /* renamed from: s, reason: collision with root package name */
    public static final List<String> f32148s;

    /* renamed from: t, reason: collision with root package name */
    public static final Integer f32149t;

    /* renamed from: u, reason: collision with root package name */
    public static final ResourceLeakDetector<n> f32150u;

    /* renamed from: v, reason: collision with root package name */
    public static final int f32151v = 10;

    /* renamed from: w, reason: collision with root package name */
    public static final i f32152w;

    /* renamed from: c, reason: collision with root package name */
    public volatile long f32153c;

    /* renamed from: d, reason: collision with root package name */
    public long f32154d;

    /* renamed from: e, reason: collision with root package name */
    public volatile int f32155e;

    /* renamed from: f, reason: collision with root package name */
    public final List<String> f32156f;

    /* renamed from: g, reason: collision with root package name */
    public final long f32157g;

    /* renamed from: h, reason: collision with root package name */
    public final long f32158h;

    /* renamed from: i, reason: collision with root package name */
    public final i f32159i;

    /* renamed from: j, reason: collision with root package name */
    public final int f32160j;

    /* renamed from: k, reason: collision with root package name */
    public final w f32161k;

    /* renamed from: l, reason: collision with root package name */
    public final xm.b f32162l;

    /* renamed from: m, reason: collision with root package name */
    public final Certificate[] f32163m;

    /* renamed from: n, reason: collision with root package name */
    public final ClientAuth f32164n;

    /* renamed from: o, reason: collision with root package name */
    public final s f32165o;

    /* renamed from: p, reason: collision with root package name */
    public volatile boolean f32166p;

    /* loaded from: classes7.dex */
    public static class a implements PrivilegedAction<Boolean> {
        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Boolean run() {
            return Boolean.valueOf(an.v.d("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    }

    /* loaded from: classes7.dex */
    public class b extends xm.b {
        public b() {
        }

        @Override // xm.b
        public void deallocate() {
            n.this.M0();
            if (n.this.f32161k != null) {
                n.this.f32161k.close();
            }
        }

        @Override // xm.v
        public v touch(Object obj) {
            if (n.this.f32161k != null) {
                n.this.f32161k.a(obj);
            }
            return n.this;
        }
    }

    /* loaded from: classes7.dex */
    public static class c implements i {
        @Override // io.netty.handler.ssl.i
        public ApplicationProtocolConfig.SelectorFailureBehavior a() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.i
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior c() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }

        @Override // qm.d
        public List<String> e() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.i
        public ApplicationProtocolConfig.Protocol protocol() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }
    }

    /* loaded from: classes7.dex */
    public static class d implements PrivilegedAction<String> {
        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public String run() {
            return an.v.b("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* loaded from: classes7.dex */
    public static /* synthetic */ class e {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f32168a;

        /* renamed from: b, reason: collision with root package name */
        public static final /* synthetic */ int[] f32169b;

        /* renamed from: c, reason: collision with root package name */
        public static final /* synthetic */ int[] f32170c;

        static {
            int[] iArr = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            f32170c = iArr;
            try {
                iArr[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f32170c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            f32169b = iArr2;
            try {
                iArr2[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f32169b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[ApplicationProtocolConfig.Protocol.values().length];
            f32168a = iArr3;
            try {
                iArr3[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f32168a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f32168a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f32168a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes7.dex */
    public static abstract class f implements CertificateVerifier {

        /* renamed from: a, reason: collision with root package name */
        public final s f32171a;

        public f(s sVar) {
            this.f32171a = sVar;
        }

        public final int a(long j10, byte[][] bArr, String str) {
            X509Certificate[] I0 = n.I0(bArr);
            ReferenceCountedOpenSslEngine x10 = this.f32171a.x(j10);
            try {
                b(x10, I0, str);
                return 0;
            } catch (Throwable th2) {
                n.f32146q.debug("verification of certificate failed", (Throwable) th2);
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("General OpenSslEngine problem");
                sSLHandshakeException.initCause(th2);
                x10.A = sSLHandshakeException;
                if (th2 instanceof OpenSslCertificateException) {
                    return th2.errorCode();
                }
                if (th2 instanceof CertificateExpiredException) {
                    return 10;
                }
                if (th2 instanceof CertificateNotYetValidException) {
                    return 9;
                }
                return (PlatformDependent.g0() < 7 || !g0.a(th2)) ? 1 : 23;
            }
        }

        public abstract void b(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, X509Certificate[] x509CertificateArr, String str) throws Exception;
    }

    /* loaded from: classes7.dex */
    public static final class g implements s {

        /* renamed from: a, reason: collision with root package name */
        public final Map<Long, ReferenceCountedOpenSslEngine> f32172a;

        public g() {
            this.f32172a = PlatformDependent.q0();
        }

        public /* synthetic */ g(a aVar) {
            this();
        }

        @Override // qm.s
        public ReferenceCountedOpenSslEngine f(long j10) {
            return this.f32172a.remove(Long.valueOf(j10));
        }

        @Override // qm.s
        public ReferenceCountedOpenSslEngine x(long j10) {
            return this.f32172a.get(Long.valueOf(j10));
        }

        @Override // qm.s
        public void y(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            this.f32172a.put(Long.valueOf(referenceCountedOpenSslEngine.a0()), referenceCountedOpenSslEngine);
        }
    }

    static {
        bn.b b10 = bn.c.b(n.class);
        f32146q = b10;
        f32147r = ((Boolean) AccessController.doPrivileged(new a())).booleanValue();
        f32150u = x.b().c(n.class);
        f32152w = new c();
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        f32148s = Collections.unmodifiableList(arrayList);
        if (b10.isDebugEnabled()) {
            b10.debug("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new d());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    f32146q.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        f32149t = num;
    }

    public n(Iterable<String> iterable, qm.g gVar, ApplicationProtocolConfig applicationProtocolConfig, long j10, long j11, int i10, Certificate[] certificateArr, ClientAuth clientAuth, boolean z10, boolean z11) throws SSLException {
        this(iterable, gVar, d1(applicationProtocolConfig), j10, j11, i10, certificateArr, clientAuth, z10, z11);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public n(Iterable<String> iterable, qm.g gVar, i iVar, long j10, long j11, int i10, Certificate[] certificateArr, ClientAuth clientAuth, boolean z10, boolean z11) throws SSLException {
        super(z10);
        String next;
        this.f32162l = new b();
        ArrayList arrayList = null;
        this.f32165o = new g(0 == true ? 1 : 0);
        qm.o.d();
        if (i10 != 1 && i10 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f32161k = z11 ? f32150u.i(this) : null;
        this.f32160j = i10;
        this.f32164n = B() ? (ClientAuth) an.n.b(clientAuth, "clientAuth") : ClientAuth.NONE;
        if (i10 == 1) {
            this.f32166p = f32147r;
        }
        this.f32163m = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String l10 = qm.f.l(next);
                if (l10 != null) {
                    next = l10;
                }
                arrayList.add(next);
            }
        }
        List<String> asList = Arrays.asList(((qm.g) an.n.b(gVar, "cipherFilter")).a(arrayList, f32148s, qm.o.a()));
        this.f32156f = asList;
        this.f32159i = (i) an.n.b(iVar, "apn");
        this.f32154d = Pool.create(0L);
        try {
            synchronized (n.class) {
                try {
                    try {
                        this.f32153c = SSLContext.make(this.f32154d, 31, i10);
                        SSLContext.setOptions(this.f32153c, UnixStat.PERM_MASK);
                        SSLContext.setOptions(this.f32153c, 16777216);
                        SSLContext.setOptions(this.f32153c, il.v.f30011i);
                        SSLContext.setOptions(this.f32153c, 4194304);
                        SSLContext.setOptions(this.f32153c, 524288);
                        SSLContext.setOptions(this.f32153c, 1048576);
                        SSLContext.setOptions(this.f32153c, 65536);
                        SSLContext.setOptions(this.f32153c, 16384);
                        SSLContext.setMode(this.f32153c, SSLContext.getMode(this.f32153c) | 2);
                        Integer num = f32149t;
                        if (num != null) {
                            SSLContext.setTmpDHLength(this.f32153c, num.intValue());
                        }
                        try {
                            SSLContext.setCipherSuite(this.f32153c, qm.f.k(asList));
                            List<String> e10 = iVar.e();
                            if (!e10.isEmpty()) {
                                String[] strArr = (String[]) e10.toArray(new String[e10.size()]);
                                int R0 = R0(iVar.a());
                                int i11 = e.f32168a[iVar.protocol().ordinal()];
                                if (i11 == 1) {
                                    SSLContext.setNpnProtos(this.f32153c, strArr, R0);
                                } else if (i11 == 2) {
                                    SSLContext.setAlpnProtos(this.f32153c, strArr, R0);
                                } else {
                                    if (i11 != 3) {
                                        throw new Error();
                                    }
                                    SSLContext.setNpnProtos(this.f32153c, strArr, R0);
                                    SSLContext.setAlpnProtos(this.f32153c, strArr, R0);
                                }
                            }
                            if (j10 > 0) {
                                this.f32157g = j10;
                                SSLContext.setSessionCacheSize(this.f32153c, j10);
                            } else {
                                long sessionCacheSize = SSLContext.setSessionCacheSize(this.f32153c, 20480L);
                                this.f32157g = sessionCacheSize;
                                SSLContext.setSessionCacheSize(this.f32153c, sessionCacheSize);
                            }
                            if (j11 > 0) {
                                this.f32158h = j11;
                                SSLContext.setSessionCacheTimeout(this.f32153c, j11);
                            } else {
                                long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.f32153c, 300L);
                                this.f32158h = sessionCacheTimeout;
                                SSLContext.setSessionCacheTimeout(this.f32153c, sessionCacheTimeout);
                            }
                        } catch (SSLException e11) {
                            throw e11;
                        } catch (Exception e12) {
                            throw new SSLException("failed to set cipher suite: " + this.f32156f, e12);
                        }
                    } catch (Exception e13) {
                        throw new SSLException("failed to create an SSL_CTX", e13);
                    }
                } catch (Throwable th2) {
                    throw th2;
                }
            }
        } catch (Throwable th3) {
            release();
            throw th3;
        }
    }

    public static X509Certificate[] I0(byte[][] bArr) {
        int length = bArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i10 = 0; i10 < length; i10++) {
            x509CertificateArr[i10] = new OpenSslX509Certificate(bArr[i10]);
        }
        return x509CertificateArr;
    }

    public static X509TrustManager J0(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager K0(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static void N0(long j10) {
        if (j10 != 0) {
            SSL.freeBIO(j10);
        }
    }

    public static long P0(nk.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int k72 = jVar.k7();
            if (SSL.writeToBIO(newMemBIO, qm.o.l(jVar) + jVar.l7(), k72) == k72) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    public static int R0(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        int i10 = e.f32169b[selectorFailureBehavior.ordinal()];
        if (i10 == 1) {
            return 0;
        }
        if (i10 == 2) {
            return 1;
        }
        throw new Error();
    }

    public static void U0(long j10, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j11;
        long j12;
        long j13 = 0;
        a0 a0Var = null;
        try {
            try {
                nk.k kVar = nk.k.f39425a;
                a0Var = PemX509Certificate.toPEM(kVar, true, x509CertificateArr);
                long b12 = b1(kVar, a0Var.retain());
                try {
                    long b13 = b1(kVar, a0Var.retain());
                    if (privateKey != null) {
                        try {
                            j13 = a1(privateKey);
                        } catch (SSLException e10) {
                            throw e10;
                        } catch (Exception e11) {
                            e = e11;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th2) {
                            th = th2;
                            j12 = b12;
                            j11 = b13;
                            N0(j13);
                            N0(j12);
                            N0(j11);
                            if (a0Var != null) {
                                a0Var.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j10, b12, j13, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j10, b13, true);
                        N0(j13);
                        N0(b12);
                        N0(b13);
                        a0Var.release();
                    } catch (SSLException e12) {
                    } catch (Exception e13) {
                        e = e13;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e14) {
                } catch (Exception e15) {
                    e = e15;
                } catch (Throwable th3) {
                    th = th3;
                    j12 = b12;
                    j11 = 0;
                }
            } catch (Throwable th4) {
                th = th4;
            }
        } catch (SSLException e16) {
            throw e16;
        } catch (Exception e17) {
            e = e17;
        } catch (Throwable th5) {
            th = th5;
            j11 = 0;
            j12 = 0;
        }
    }

    public static long a1(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        nk.k kVar = nk.k.f39425a;
        a0 pem = PemPrivateKey.toPEM(kVar, true, privateKey);
        try {
            return b1(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    public static long b1(nk.k kVar, a0 a0Var) throws Exception {
        try {
            nk.j content = a0Var.content();
            if (content.m6()) {
                return P0(content.s7());
            }
            nk.j n10 = kVar.n(content.k7());
            try {
                n10.k8(content, content.l7(), content.k7());
                long P0 = P0(n10.s7());
                try {
                    if (a0Var.isSensitive()) {
                        s0.d(n10);
                    }
                    return P0;
                } finally {
                }
            } catch (Throwable th2) {
                try {
                    if (a0Var.isSensitive()) {
                        s0.d(n10);
                    }
                    throw th2;
                } finally {
                }
            }
        } finally {
            a0Var.release();
        }
    }

    public static long c1(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        nk.k kVar = nk.k.f39425a;
        a0 pem = PemX509Certificate.toPEM(kVar, true, x509CertificateArr);
        try {
            return b1(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    public static i d1(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return f32152w;
        }
        int i10 = e.f32168a[applicationProtocolConfig.a().ordinal()];
        if (i10 != 1 && i10 != 2 && i10 != 3) {
            if (i10 == 4) {
                return f32152w;
            }
            throw new Error();
        }
        int i11 = e.f32170c[applicationProtocolConfig.b().ordinal()];
        if (i11 != 1 && i11 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " behavior");
        }
        int i12 = e.f32169b[applicationProtocolConfig.c().ordinal()];
        if (i12 == 1 || i12 == 2) {
            return new j(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
    }

    public static boolean e1(X509KeyManager x509KeyManager) {
        return PlatformDependent.g0() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    public static boolean k1(X509TrustManager x509TrustManager) {
        return PlatformDependent.g0() >= 7 && f0.a(x509TrustManager);
    }

    @Override // io.netty.handler.ssl.p
    public final boolean A() {
        return this.f32160j == 0;
    }

    @Deprecated
    public final long L0() {
        return this.f32153c;
    }

    public final void M0() {
        synchronized (n.class) {
            if (this.f32153c != 0) {
                SSLContext.free(this.f32153c);
                this.f32153c = 0L;
            }
            long j10 = this.f32154d;
            if (j10 != 0) {
                Pool.destroy(j10);
                this.f32154d = 0L;
            }
        }
    }

    public abstract qm.v O0();

    public SSLEngine Q0(nk.k kVar, String str, int i10) {
        return new ReferenceCountedOpenSslEngine(this, kVar, str, i10, true);
    }

    @Override // io.netty.handler.ssl.p
    /* renamed from: S0 */
    public abstract qm.x u0();

    @Override // io.netty.handler.ssl.p
    public final SSLEngine U(nk.k kVar) {
        return V(kVar, null, -1);
    }

    @Override // io.netty.handler.ssl.p
    public final SSLEngine V(nk.k kVar, String str, int i10) {
        return Q0(kVar, str, i10);
    }

    public void V0(boolean z10) {
        this.f32166p = z10;
    }

    @Deprecated
    public final void W0(byte[] bArr) {
        u0().c(bArr);
    }

    public final long Y0() {
        return this.f32153c;
    }

    @Deprecated
    public final y Z0() {
        return u0().e();
    }

    @Override // io.netty.handler.ssl.p
    public qm.d a() {
        return this.f32159i;
    }

    @Override // io.netty.handler.ssl.p
    public final List<String> m() {
        return this.f32156f;
    }

    @Override // xm.v
    public final int refCnt() {
        return this.f32162l.refCnt();
    }

    @Override // xm.v
    public final boolean release() {
        return this.f32162l.release();
    }

    @Override // xm.v
    public final boolean release(int i10) {
        return this.f32162l.release(i10);
    }

    @Override // xm.v
    public final v retain() {
        this.f32162l.retain();
        return this;
    }

    @Override // xm.v
    public final v retain(int i10) {
        this.f32162l.retain(i10);
        return this;
    }

    @Override // io.netty.handler.ssl.p
    public final long t0() {
        return this.f32157g;
    }

    @Override // xm.v
    public final v touch() {
        this.f32162l.touch();
        return this;
    }

    @Override // xm.v
    public final v touch(Object obj) {
        this.f32162l.touch(obj);
        return this;
    }

    @Override // io.netty.handler.ssl.p
    public final long v0() {
        return this.f32158h;
    }
}
