package io.netty.handler.ssl;

import io.netty.handler.ssl.a;
import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes5.dex */
public abstract class z1 extends i2 implements io.netty.util.r {

    /* renamed from: v, reason: collision with root package name */
    private static final Integer f30951v;

    /* renamed from: d, reason: collision with root package name */
    protected long f30954d;

    /* renamed from: e, reason: collision with root package name */
    private final List<String> f30955e;

    /* renamed from: f, reason: collision with root package name */
    private final long f30956f;

    /* renamed from: g, reason: collision with root package name */
    private final long f30957g;

    /* renamed from: h, reason: collision with root package name */
    private final q0 f30958h;

    /* renamed from: i, reason: collision with root package name */
    private final int f30959i;

    /* renamed from: j, reason: collision with root package name */
    private final io.netty.util.v<z1> f30960j;

    /* renamed from: k, reason: collision with root package name */
    private final io.netty.util.b f30961k;

    /* renamed from: l, reason: collision with root package name */
    final Certificate[] f30962l;

    /* renamed from: m, reason: collision with root package name */
    final f f30963m;

    /* renamed from: n, reason: collision with root package name */
    final String[] f30964n;

    /* renamed from: o, reason: collision with root package name */
    final boolean f30965o;

    /* renamed from: p, reason: collision with root package name */
    final x0 f30966p;

    /* renamed from: q, reason: collision with root package name */
    final ReadWriteLock f30967q;

    /* renamed from: r, reason: collision with root package name */
    private volatile int f30968r;

    /* renamed from: s, reason: collision with root package name */
    private static final io.netty.util.internal.logging.c f30948s = io.netty.util.internal.logging.d.b(z1.class);

    /* renamed from: t, reason: collision with root package name */
    private static final int f30949t = Math.max(1, io.netty.util.internal.i0.e("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));

    /* renamed from: u, reason: collision with root package name */
    static final boolean f30950u = io.netty.util.internal.i0.d("io.netty.handler.ssl.openssl.useTasks", false);

    /* renamed from: w, reason: collision with root package name */
    private static final io.netty.util.s<z1> f30952w = io.netty.util.t.b().c(z1.class);

    /* renamed from: x, reason: collision with root package name */
    static final q0 f30953x = new b();

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    class a extends io.netty.util.b {
        a() {
        }

        @Override // io.netty.util.b
        protected void e() {
            z1.this.F();
            if (z1.this.f30960j != null) {
                z1.this.f30960j.b(z1.this);
            }
        }

        @Override // io.netty.util.r
        public io.netty.util.r p(Object obj) {
            if (z1.this.f30960j != null) {
                z1.this.f30960j.c(obj);
            }
            return z1.this;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    static class b implements q0 {
        b() {
        }

        @Override // io.netty.handler.ssl.q0
        public a.c a() {
            return a.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.q0
        public a.b c() {
            return a.b.ACCEPT;
        }

        @Override // io.netty.handler.ssl.b
        public List<String> e() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.q0
        public a.EnumC2009a protocol() {
            return a.EnumC2009a.NONE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class c {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f30970a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f30971b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f30972c;

        static {
            int[] iArr = new int[a.b.values().length];
            f30972c = iArr;
            try {
                iArr[a.b.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f30972c[a.b.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[a.c.values().length];
            f30971b = iArr2;
            try {
                iArr2[a.c.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f30971b[a.c.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[a.EnumC2009a.values().length];
            f30970a = iArr3;
            try {
                iArr3[a.EnumC2009a.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f30970a[a.EnumC2009a.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f30970a[a.EnumC2009a.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f30970a[a.EnumC2009a.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    static abstract class d extends CertificateVerifier {

        /* renamed from: a, reason: collision with root package name */
        private final x0 f30973a;

        /* JADX INFO: Access modifiers changed from: package-private */
        public d(x0 x0Var) {
            this.f30973a = x0Var;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes5.dex */
    private static final class e implements x0 {

        /* renamed from: a, reason: collision with root package name */
        private final Map<Long, d2> f30974a;

        private e() {
            this.f30974a = io.netty.util.internal.x.j0();
        }

        /* synthetic */ e(a aVar) {
            this();
        }

        @Override // io.netty.handler.ssl.x0
        public d2 a(long j10) {
            return this.f30974a.remove(Long.valueOf(j10));
        }

        @Override // io.netty.handler.ssl.x0
        public void b(d2 d2Var) {
            this.f30974a.put(Long.valueOf(d2Var.l0()), d2Var);
        }
    }

    static {
        Integer num = null;
        try {
            String b10 = io.netty.util.internal.i0.b("jdk.tls.ephemeralDHKeySize");
            if (b10 != null) {
                try {
                    num = Integer.valueOf(b10);
                } catch (NumberFormatException unused) {
                    f30948s.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b10);
                }
            }
        } catch (Throwable unused2) {
        }
        f30951v = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public z1(Iterable<String> iterable, io.netty.handler.ssl.e eVar, io.netty.handler.ssl.a aVar, long j10, long j11, int i10, Certificate[] certificateArr, f fVar, String[] strArr, boolean z10, boolean z11, boolean z12) throws SSLException {
        this(iterable, eVar, R(aVar), j10, j11, i10, certificateArr, fVar, strArr, z10, z11, z12);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public z1(Iterable<String> iterable, io.netty.handler.ssl.e eVar, q0 q0Var, long j10, long j11, int i10, Certificate[] certificateArr, f fVar, String[] strArr, boolean z10, boolean z11, boolean z12) throws SSLException {
        super(z10);
        this.f30961k = new a();
        this.f30966p = new e(0 == true ? 1 : 0);
        this.f30967q = new ReentrantReadWriteLock();
        this.f30968r = f30949t;
        p0.d();
        if (z11 && !p0.i()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i10 != 1 && i10 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f30960j = z12 ? f30952w.l(this) : null;
        this.f30959i = i10;
        this.f30963m = m() ? (f) io.netty.util.internal.v.a(fVar, "clientAuth") : f.NONE;
        this.f30964n = strArr;
        this.f30965o = z11;
        this.f30962l = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        List<String> asList = Arrays.asList(((io.netty.handler.ssl.e) io.netty.util.internal.v.a(eVar, "cipherFilter")).a(iterable, p0.f30905c, p0.a()));
        this.f30955e = asList;
        this.f30958h = (q0) io.netty.util.internal.v.a(q0Var, "apn");
        try {
            try {
                this.f30954d = SSLContext.make(p0.j() ? 62 : 30, i10);
                boolean j12 = p0.j();
                StringBuilder sb2 = new StringBuilder();
                StringBuilder sb3 = new StringBuilder();
                try {
                    try {
                        if (asList.isEmpty()) {
                            SSLContext.setCipherSuite(this.f30954d, "", false);
                            if (j12) {
                                SSLContext.setCipherSuite(this.f30954d, "", true);
                            }
                        } else {
                            io.netty.handler.ssl.d.c(asList, sb2, sb3, p0.g());
                            SSLContext.setCipherSuite(this.f30954d, sb2.toString(), false);
                            if (j12) {
                                SSLContext.setCipherSuite(this.f30954d, sb3.toString(), true);
                            }
                        }
                        int options = SSLContext.getOptions(this.f30954d) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1_3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET;
                        SSLContext.setOptions(this.f30954d, sb2.length() == 0 ? options | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 | SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2 : options);
                        long j13 = this.f30954d;
                        SSLContext.setMode(j13, SSLContext.getMode(j13) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                        Integer num = f30951v;
                        if (num != null) {
                            SSLContext.setTmpDHLength(this.f30954d, num.intValue());
                        }
                        List<String> e10 = q0Var.e();
                        if (!e10.isEmpty()) {
                            String[] strArr2 = (String[]) e10.toArray(new String[0]);
                            int K = K(q0Var.a());
                            int i11 = c.f30970a[q0Var.protocol().ordinal()];
                            if (i11 == 1) {
                                SSLContext.setNpnProtos(this.f30954d, strArr2, K);
                            } else if (i11 == 2) {
                                SSLContext.setAlpnProtos(this.f30954d, strArr2, K);
                            } else {
                                if (i11 != 3) {
                                    throw new Error();
                                }
                                SSLContext.setNpnProtos(this.f30954d, strArr2, K);
                                SSLContext.setAlpnProtos(this.f30954d, strArr2, K);
                            }
                        }
                        long sessionCacheSize = j10 <= 0 ? SSLContext.setSessionCacheSize(this.f30954d, 20480L) : j10;
                        this.f30956f = sessionCacheSize;
                        SSLContext.setSessionCacheSize(this.f30954d, sessionCacheSize);
                        long sessionCacheTimeout = j11 <= 0 ? SSLContext.setSessionCacheTimeout(this.f30954d, 300L) : j11;
                        this.f30957g = sessionCacheTimeout;
                        SSLContext.setSessionCacheTimeout(this.f30954d, sessionCacheTimeout);
                        if (z11) {
                            SSLContext.enableOcsp(this.f30954d, l());
                        }
                        SSLContext.setUseTasks(this.f30954d, f30950u);
                    } catch (SSLException e11) {
                        throw e11;
                    }
                } catch (Exception e12) {
                    throw new SSLException("failed to set cipher suite: " + this.f30955e, e12);
                }
            } catch (Exception e13) {
                throw new SSLException("failed to create an SSL_CTX", e13);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager C(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return io.netty.util.internal.x.f0() >= 7 ? r1.c((X509TrustManager) trustManager) : (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager D(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void F() {
        Lock writeLock = this.f30967q.writeLock();
        writeLock.lock();
        try {
            long j10 = this.f30954d;
            if (j10 != 0) {
                if (this.f30965o) {
                    SSLContext.disableOcsp(j10);
                }
                SSLContext.free(this.f30954d);
                this.f30954d = 0L;
                g1 M = M();
                if (M != null) {
                    M.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void G(long j10) {
        if (j10 != 0) {
            SSL.freeBIO(j10);
        }
    }

    private static long I(oo.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int m12 = jVar.m1();
            if (SSL.bioWrite(newMemBIO, p0.l(jVar) + jVar.n1(), m12) == m12) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    private static int K(a.c cVar) {
        int i10 = c.f30971b[cVar.ordinal()];
        if (i10 == 1) {
            return 0;
        }
        if (i10 == 2) {
            return 1;
        }
        throw new Error();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static b1 L(KeyManagerFactory keyManagerFactory, String str) {
        return keyManagerFactory instanceof q1 ? ((q1) keyManagerFactory).c() : keyManagerFactory instanceof s0 ? ((s0) keyManagerFactory).a(str) : new b1(D(keyManagerFactory.getKeyManagers()), str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:31:0x0097  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void N(long r16, java.security.cert.X509Certificate[] r18, java.security.PrivateKey r19, java.lang.String r20) throws javax.net.ssl.SSLException {
        /*
            r0 = r19
            r1 = 0
            r3 = 0
            oo.k r4 = oo.k.f37907a     // Catch: java.lang.Throwable -> L78 java.lang.Exception -> L7c javax.net.ssl.SSLException -> L87
            r5 = 1
            r6 = r18
            io.netty.handler.ssl.t1 r3 = io.netty.handler.ssl.w1.g(r4, r5, r6)     // Catch: java.lang.Throwable -> L78 java.lang.Exception -> L7c javax.net.ssl.SSLException -> L87
            io.netty.handler.ssl.t1 r6 = r3.a()     // Catch: java.lang.Throwable -> L6c java.lang.Exception -> L70 javax.net.ssl.SSLException -> L74
            long r14 = O(r4, r6)     // Catch: java.lang.Throwable -> L6c java.lang.Exception -> L70 javax.net.ssl.SSLException -> L74
            io.netty.handler.ssl.t1 r6 = r3.a()     // Catch: java.lang.Throwable -> L5d java.lang.Exception -> L62 javax.net.ssl.SSLException -> L67
            long r11 = O(r4, r6)     // Catch: java.lang.Throwable -> L5d java.lang.Exception -> L62 javax.net.ssl.SSLException -> L67
            if (r0 == 0) goto L24
            long r1 = P(r4, r0)     // Catch: java.lang.Exception -> L2a javax.net.ssl.SSLException -> L2d java.lang.Throwable -> L8b
        L24:
            if (r20 != 0) goto L30
            java.lang.String r0 = ""
            r13 = r0
            goto L32
        L2a:
            r0 = move-exception
            goto L7f
        L2d:
            r0 = move-exception
            goto L8a
        L30:
            r13 = r20
        L32:
            r7 = r16
            r9 = r14
            r18 = r3
            r3 = r11
            r11 = r1
            io.netty.internal.tcnative.SSLContext.setCertificateBio(r7, r9, r11, r13)     // Catch: java.lang.Throwable -> L4e java.lang.Exception -> L53 javax.net.ssl.SSLException -> L58
            r6 = r16
            io.netty.internal.tcnative.SSLContext.setCertificateChainBio(r6, r3, r5)     // Catch: java.lang.Throwable -> L4e java.lang.Exception -> L53 javax.net.ssl.SSLException -> L58
            G(r1)
            G(r14)
            G(r3)
            r18.release()
            return
        L4e:
            r0 = move-exception
            r11 = r3
            r3 = r18
            goto L8c
        L53:
            r0 = move-exception
            r11 = r3
            r3 = r18
            goto L7f
        L58:
            r0 = move-exception
            r11 = r3
            r3 = r18
            goto L8a
        L5d:
            r0 = move-exception
            r18 = r3
            r11 = r1
            goto L8c
        L62:
            r0 = move-exception
            r18 = r3
            r11 = r1
            goto L7f
        L67:
            r0 = move-exception
            r18 = r3
            r11 = r1
            goto L8a
        L6c:
            r0 = move-exception
            r18 = r3
            goto L79
        L70:
            r0 = move-exception
            r18 = r3
            goto L7d
        L74:
            r0 = move-exception
            r18 = r3
            goto L88
        L78:
            r0 = move-exception
        L79:
            r11 = r1
            r14 = r11
            goto L8c
        L7c:
            r0 = move-exception
        L7d:
            r11 = r1
            r14 = r11
        L7f:
            javax.net.ssl.SSLException r4 = new javax.net.ssl.SSLException     // Catch: java.lang.Throwable -> L8b
            java.lang.String r5 = "failed to set certificate and key"
            r4.<init>(r5, r0)     // Catch: java.lang.Throwable -> L8b
            throw r4     // Catch: java.lang.Throwable -> L8b
        L87:
            r0 = move-exception
        L88:
            r11 = r1
            r14 = r11
        L8a:
            throw r0     // Catch: java.lang.Throwable -> L8b
        L8b:
            r0 = move-exception
        L8c:
            G(r1)
            G(r14)
            G(r11)
            if (r3 == 0) goto L9a
            r3.release()
        L9a:
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.z1.N(long, java.security.cert.X509Certificate[], java.security.PrivateKey, java.lang.String):void");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long O(oo.k kVar, t1 t1Var) throws Exception {
        try {
            oo.j s10 = t1Var.s();
            if (s10.I0()) {
                return I(s10.r1());
            }
            oo.j h10 = kVar.h(s10.m1());
            try {
                h10.R1(s10, s10.n1(), s10.m1());
                long I = I(h10.r1());
                try {
                    if (t1Var.E()) {
                        o2.q(h10);
                    }
                    return I;
                } finally {
                }
            } catch (Throwable th2) {
                try {
                    if (t1Var.E()) {
                        o2.q(h10);
                    }
                    throw th2;
                } finally {
                }
            }
        } finally {
            t1Var.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long P(oo.k kVar, PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        t1 j10 = u1.j(kVar, true, privateKey);
        try {
            return O(kVar, j10.a());
        } finally {
            j10.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long Q(oo.k kVar, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        t1 g10 = w1.g(kVar, true, x509CertificateArr);
        try {
            return O(kVar, g10.a());
        } finally {
            g10.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static q0 R(io.netty.handler.ssl.a aVar) {
        if (aVar == null) {
            return f30953x;
        }
        int i10 = c.f30970a[aVar.a().ordinal()];
        if (i10 != 1 && i10 != 2 && i10 != 3) {
            if (i10 == 4) {
                return f30953x;
            }
            throw new Error();
        }
        int i11 = c.f30972c[aVar.b().ordinal()];
        if (i11 != 1 && i11 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.b() + " behavior");
        }
        int i12 = c.f30971b[aVar.c().ordinal()];
        if (i12 == 1 || i12 == 2) {
            return new v0(aVar);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean S(X509TrustManager x509TrustManager) {
        return io.netty.util.internal.x.f0() >= 7 && s1.a(x509TrustManager);
    }

    public io.netty.handler.ssl.b B() {
        return this.f30958h;
    }

    public int H() {
        return this.f30968r;
    }

    SSLEngine J(oo.k kVar, String str, int i10, boolean z10) {
        return new d2(this, kVar, str, i10, z10, true);
    }

    public abstract g1 M();

    @Override // io.netty.util.r
    public final io.netty.util.r a() {
        this.f30961k.a();
        return this;
    }

    @Override // io.netty.util.r
    public final int d() {
        return this.f30961k.d();
    }

    @Override // io.netty.handler.ssl.i2
    public final boolean l() {
        return this.f30959i == 0;
    }

    @Override // io.netty.util.r
    public final io.netty.util.r p(Object obj) {
        this.f30961k.p(obj);
        return this;
    }

    @Override // io.netty.handler.ssl.i2
    public final SSLEngine q(oo.k kVar, String str, int i10) {
        return J(kVar, str, i10, true);
    }

    @Override // io.netty.util.r
    public final boolean release() {
        return this.f30961k.release();
    }

    @Override // io.netty.handler.ssl.i2
    protected final l2 t(oo.k kVar, String str, int i10, boolean z10) {
        return new l2(J(kVar, str, i10, false), z10);
    }
}
