package io.netty.handler.ssl;

import io.netty.handler.ssl.a;
import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes4.dex */
public abstract class z1 extends i2 implements io.netty.util.r {

    /* renamed from: v, reason: collision with root package name */
    public static final Integer f24714v;

    /* renamed from: d, reason: collision with root package name */
    public long f24717d;

    /* renamed from: e, reason: collision with root package name */
    public final List<String> f24718e;

    /* renamed from: f, reason: collision with root package name */
    public final long f24719f;

    /* renamed from: g, reason: collision with root package name */
    public final long f24720g;

    /* renamed from: h, reason: collision with root package name */
    public final q0 f24721h;

    /* renamed from: i, reason: collision with root package name */
    public final int f24722i;

    /* renamed from: j, reason: collision with root package name */
    public final io.netty.util.v<z1> f24723j;

    /* renamed from: k, reason: collision with root package name */
    public final io.netty.util.b f24724k;

    /* renamed from: l, reason: collision with root package name */
    public final Certificate[] f24725l;

    /* renamed from: m, reason: collision with root package name */
    public final f f24726m;

    /* renamed from: n, reason: collision with root package name */
    public final String[] f24727n;

    /* renamed from: o, reason: collision with root package name */
    public final boolean f24728o;

    /* renamed from: p, reason: collision with root package name */
    public final x0 f24729p;

    /* renamed from: q, reason: collision with root package name */
    public final ReadWriteLock f24730q;

    /* renamed from: r, reason: collision with root package name */
    public volatile int f24731r;

    /* renamed from: s, reason: collision with root package name */
    public static final io.netty.util.internal.logging.c f24711s = io.netty.util.internal.logging.d.b(z1.class);

    /* renamed from: t, reason: collision with root package name */
    public static final int f24712t = Math.max(1, io.netty.util.internal.i0.e("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));

    /* renamed from: u, reason: collision with root package name */
    public static final boolean f24713u = io.netty.util.internal.i0.d("io.netty.handler.ssl.openssl.useTasks", false);

    /* renamed from: w, reason: collision with root package name */
    public static final io.netty.util.s<z1> f24715w = io.netty.util.t.b().c(z1.class);

    /* renamed from: x, reason: collision with root package name */
    public static final q0 f24716x = new b();

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public class a extends io.netty.util.b {
        public a() {
        }

        @Override // io.netty.util.b
        public void e() {
            z1.this.F();
            if (z1.this.f24723j != null) {
                z1.this.f24723j.b(z1.this);
            }
        }

        @Override // io.netty.util.r
        public io.netty.util.r s(Object obj) {
            if (z1.this.f24723j != null) {
                z1.this.f24723j.c(obj);
            }
            return z1.this;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static class b implements q0 {
        @Override // io.netty.handler.ssl.q0
        public a.c a() {
            return a.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.b
        public List<String> b() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.q0
        public a.b d() {
            return a.b.ACCEPT;
        }

        @Override // io.netty.handler.ssl.q0
        public a.EnumC1161a protocol() {
            return a.EnumC1161a.NONE;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class c {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f24733a;

        /* renamed from: b, reason: collision with root package name */
        public static final /* synthetic */ int[] f24734b;

        /* renamed from: c, reason: collision with root package name */
        public static final /* synthetic */ int[] f24735c;

        static {
            int[] iArr = new int[a.b.values().length];
            f24735c = iArr;
            try {
                iArr[a.b.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f24735c[a.b.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[a.c.values().length];
            f24734b = iArr2;
            try {
                iArr2[a.c.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f24734b[a.c.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[a.EnumC1161a.values().length];
            f24733a = iArr3;
            try {
                iArr3[a.EnumC1161a.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f24733a[a.EnumC1161a.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f24733a[a.EnumC1161a.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f24733a[a.EnumC1161a.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static abstract class d extends CertificateVerifier {

        /* renamed from: a, reason: collision with root package name */
        public final x0 f24736a;

        public d(x0 x0Var) {
            this.f24736a = x0Var;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static final class e implements x0 {

        /* renamed from: a, reason: collision with root package name */
        public final Map<Long, d2> f24737a;

        public e() {
            this.f24737a = io.netty.util.internal.x.j0();
        }

        public /* synthetic */ e(a aVar) {
            this();
        }

        @Override // io.netty.handler.ssl.x0
        public d2 a(long j10) {
            return this.f24737a.remove(Long.valueOf(j10));
        }

        @Override // io.netty.handler.ssl.x0
        public void b(d2 d2Var) {
            this.f24737a.put(Long.valueOf(d2Var.l0()), d2Var);
        }
    }

    static {
        Integer num = null;
        try {
            String b10 = io.netty.util.internal.i0.b("jdk.tls.ephemeralDHKeySize");
            if (b10 != null) {
                try {
                    num = Integer.valueOf(b10);
                } catch (NumberFormatException unused) {
                    f24711s.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b10);
                }
            }
        } catch (Throwable unused2) {
        }
        f24714v = num;
    }

    public z1(Iterable<String> iterable, io.netty.handler.ssl.e eVar, io.netty.handler.ssl.a aVar, long j10, long j11, int i10, Certificate[] certificateArr, f fVar, String[] strArr, boolean z10, boolean z11, boolean z12) throws SSLException {
        this(iterable, eVar, R(aVar), j10, j11, i10, certificateArr, fVar, strArr, z10, z11, z12);
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    /* JADX WARN: Multi-variable type inference failed */
    public z1(Iterable<String> iterable, io.netty.handler.ssl.e eVar, q0 q0Var, long j10, long j11, int i10, Certificate[] certificateArr, f fVar, String[] strArr, boolean z10, boolean z11, boolean z12) throws SSLException {
        super(z10);
        long j12 = j10;
        long j13 = j11;
        this.f24724k = new a();
        this.f24729p = new e(0 == true ? 1 : 0);
        this.f24730q = new ReentrantReadWriteLock();
        this.f24731r = f24712t;
        p0.d();
        if (z11 && !p0.i()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i10 != 1 && i10 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f24723j = z12 ? f24715w.l(this) : null;
        this.f24722i = i10;
        this.f24726m = q() ? (f) io.netty.util.internal.v.a(fVar, "clientAuth") : f.NONE;
        this.f24727n = strArr;
        this.f24728o = z11;
        this.f24725l = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        List<String> asList = Arrays.asList(((io.netty.handler.ssl.e) io.netty.util.internal.v.a(eVar, "cipherFilter")).a(iterable, p0.f24668c, p0.a()));
        this.f24718e = asList;
        this.f24721h = (q0) io.netty.util.internal.v.a(q0Var, "apn");
        try {
            try {
                this.f24717d = SSLContext.make(p0.j() ? 62 : 30, i10);
                boolean j14 = p0.j();
                StringBuilder sb2 = new StringBuilder();
                StringBuilder sb3 = new StringBuilder();
                try {
                    try {
                        if (asList.isEmpty()) {
                            SSLContext.setCipherSuite(this.f24717d, "", false);
                            if (j14) {
                                SSLContext.setCipherSuite(this.f24717d, "", true);
                            }
                        } else {
                            io.netty.handler.ssl.d.c(asList, sb2, sb3, p0.g());
                            SSLContext.setCipherSuite(this.f24717d, sb2.toString(), false);
                            if (j14) {
                                SSLContext.setCipherSuite(this.f24717d, sb3.toString(), true);
                            }
                        }
                        int options = SSLContext.getOptions(this.f24717d) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1_3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET;
                        SSLContext.setOptions(this.f24717d, sb2.length() == 0 ? options | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 | SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2 : options);
                        long j15 = this.f24717d;
                        SSLContext.setMode(j15, SSLContext.getMode(j15) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                        Integer num = f24714v;
                        if (num != null) {
                            SSLContext.setTmpDHLength(this.f24717d, num.intValue());
                        }
                        List<String> b10 = q0Var.b();
                        if (!b10.isEmpty()) {
                            String[] strArr2 = (String[]) b10.toArray(new String[0]);
                            int K = K(q0Var.a());
                            int i11 = c.f24733a[q0Var.protocol().ordinal()];
                            if (i11 == 1) {
                                SSLContext.setNpnProtos(this.f24717d, strArr2, K);
                            } else if (i11 == 2) {
                                SSLContext.setAlpnProtos(this.f24717d, strArr2, K);
                            } else {
                                if (i11 != 3) {
                                    throw new Error();
                                }
                                SSLContext.setNpnProtos(this.f24717d, strArr2, K);
                                SSLContext.setAlpnProtos(this.f24717d, strArr2, K);
                            }
                        }
                        if (j12 <= 0) {
                            j12 = SSLContext.setSessionCacheSize(this.f24717d, 20480L);
                        }
                        this.f24719f = j12;
                        SSLContext.setSessionCacheSize(this.f24717d, j12);
                        if (j13 <= 0) {
                            j13 = SSLContext.setSessionCacheTimeout(this.f24717d, 300L);
                        }
                        this.f24720g = j13;
                        SSLContext.setSessionCacheTimeout(this.f24717d, j13);
                        if (z11) {
                            SSLContext.enableOcsp(this.f24717d, p());
                        }
                        SSLContext.setUseTasks(this.f24717d, f24713u);
                    } catch (Exception e10) {
                        throw new SSLException("failed to set cipher suite: " + this.f24718e, e10);
                    }
                } catch (SSLException e11) {
                    throw e11;
                }
            } catch (Exception e12) {
                throw new SSLException("failed to create an SSL_CTX", e12);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    public static X509TrustManager D(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return io.netty.util.internal.x.f0() >= 7 ? r1.c((X509TrustManager) trustManager) : (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager E(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void F() {
        Lock writeLock = this.f24730q.writeLock();
        writeLock.lock();
        try {
            long j10 = this.f24717d;
            if (j10 != 0) {
                if (this.f24728o) {
                    SSLContext.disableOcsp(j10);
                }
                SSLContext.free(this.f24717d);
                this.f24717d = 0L;
                g1 M = M();
                if (M != null) {
                    M.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    public static void G(long j10) {
        if (j10 != 0) {
            SSL.freeBIO(j10);
        }
    }

    public static long I(to.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int u12 = jVar.u1();
            if (SSL.bioWrite(newMemBIO, p0.l(jVar) + jVar.v1(), u12) == u12) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    public static int K(a.c cVar) {
        int i10 = c.f24734b[cVar.ordinal()];
        if (i10 == 1) {
            return 0;
        }
        if (i10 == 2) {
            return 1;
        }
        throw new Error();
    }

    public static b1 L(KeyManagerFactory keyManagerFactory, String str) {
        return keyManagerFactory instanceof q1 ? ((q1) keyManagerFactory).c() : keyManagerFactory instanceof s0 ? ((s0) keyManagerFactory).a(str) : new b1(E(keyManagerFactory.getKeyManagers()), str);
    }

    /* JADX WARN: Removed duplicated region for block: B:27:0x0075  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void N(long r13, java.security.cert.X509Certificate[] r15, java.security.PrivateKey r16, java.lang.String r17) throws javax.net.ssl.SSLException {
        /*
            r12 = r17
            r10 = 0
            r5 = 0
            to.k r3 = to.k.f35665a     // Catch: java.lang.Throwable -> L4e java.lang.Exception -> L54 javax.net.ssl.SSLException -> L61
            r2 = 1
            io.netty.handler.ssl.t1 r5 = io.netty.handler.ssl.w1.h(r3, r2, r15)     // Catch: java.lang.Throwable -> L4e java.lang.Exception -> L54 javax.net.ssl.SSLException -> L61
            io.netty.handler.ssl.t1 r0 = r5.a()     // Catch: java.lang.Throwable -> L50 java.lang.Exception -> L56 javax.net.ssl.SSLException -> L63
            long r8 = O(r3, r0)     // Catch: java.lang.Throwable -> L50 java.lang.Exception -> L56 javax.net.ssl.SSLException -> L63
            io.netty.handler.ssl.t1 r0 = r5.a()     // Catch: java.lang.Throwable -> L45 java.lang.Exception -> L48 javax.net.ssl.SSLException -> L4b
            long r0 = O(r3, r0)     // Catch: java.lang.Throwable -> L45 java.lang.Exception -> L48 javax.net.ssl.SSLException -> L4b
            r4 = r16
            if (r4 == 0) goto L24
            long r10 = P(r3, r4)     // Catch: java.lang.Exception -> L29 javax.net.ssl.SSLException -> L2b java.lang.Throwable -> L67
        L24:
            if (r12 != 0) goto L2d
            java.lang.String r12 = ""
            goto L2d
        L29:
            r4 = move-exception
            goto L59
        L2b:
            r2 = move-exception
            goto L66
        L2d:
            r6 = r13
            io.netty.internal.tcnative.SSLContext.setCertificateBio(r6, r8, r10, r12)     // Catch: java.lang.Exception -> L41 javax.net.ssl.SSLException -> L43 java.lang.Throwable -> L69
            io.netty.internal.tcnative.SSLContext.setCertificateChainBio(r6, r0, r2)     // Catch: java.lang.Exception -> L41 javax.net.ssl.SSLException -> L43 java.lang.Throwable -> L69
            G(r10)
            G(r8)
            G(r0)
            r5.release()
            return
        L41:
            r4 = move-exception
            goto L59
        L43:
            r2 = move-exception
            goto L66
        L45:
            r2 = move-exception
            r0 = r10
            goto L6a
        L48:
            r4 = move-exception
            r0 = r10
            goto L59
        L4b:
            r2 = move-exception
            r0 = r10
            goto L66
        L4e:
            r2 = move-exception
            goto L51
        L50:
            r2 = move-exception
        L51:
            r0 = r10
            r8 = r0
            goto L6a
        L54:
            r4 = move-exception
            goto L57
        L56:
            r4 = move-exception
        L57:
            r0 = r10
            r8 = r0
        L59:
            javax.net.ssl.SSLException r3 = new javax.net.ssl.SSLException     // Catch: java.lang.Throwable -> L67
            java.lang.String r2 = "failed to set certificate and key"
            r3.<init>(r2, r4)     // Catch: java.lang.Throwable -> L67
            throw r3     // Catch: java.lang.Throwable -> L67
        L61:
            r2 = move-exception
            goto L64
        L63:
            r2 = move-exception
        L64:
            r0 = r10
            r8 = r0
        L66:
            throw r2     // Catch: java.lang.Throwable -> L67
        L67:
            r2 = move-exception
            goto L6a
        L69:
            r2 = move-exception
        L6a:
            G(r10)
            G(r8)
            G(r0)
            if (r5 == 0) goto L78
            r5.release()
        L78:
            throw r2
        */
        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.z1.N(long, java.security.cert.X509Certificate[], java.security.PrivateKey, java.lang.String):void");
    }

    public static long O(to.k kVar, t1 t1Var) throws Exception {
        try {
            to.j B = t1Var.B();
            if (B.R0()) {
                return I(B.z1());
            }
            to.j f10 = kVar.f(B.u1());
            try {
                f10.Z1(B, B.v1(), B.u1());
                long I = I(f10.z1());
                try {
                    if (t1Var.o()) {
                        o2.q(f10);
                    }
                    return I;
                } finally {
                }
            } catch (Throwable th2) {
                try {
                    if (t1Var.o()) {
                        o2.q(f10);
                    }
                    throw th2;
                } finally {
                }
            }
        } finally {
            t1Var.release();
        }
    }

    public static long P(to.k kVar, PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        t1 j10 = u1.j(kVar, true, privateKey);
        try {
            return O(kVar, j10.a());
        } finally {
            j10.release();
        }
    }

    public static long Q(to.k kVar, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        t1 h10 = w1.h(kVar, true, x509CertificateArr);
        try {
            return O(kVar, h10.a());
        } finally {
            h10.release();
        }
    }

    public static q0 R(io.netty.handler.ssl.a aVar) {
        if (aVar == null) {
            return f24716x;
        }
        int i10 = c.f24733a[aVar.a().ordinal()];
        if (i10 != 1 && i10 != 2 && i10 != 3) {
            if (i10 == 4) {
                return f24716x;
            }
            throw new Error();
        }
        int i11 = c.f24735c[aVar.b().ordinal()];
        if (i11 != 1 && i11 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.b() + " behavior");
        }
        int i12 = c.f24734b[aVar.c().ordinal()];
        if (i12 == 1 || i12 == 2) {
            return new v0(aVar);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.c() + " behavior");
    }

    public static boolean S(X509TrustManager x509TrustManager) {
        return io.netty.util.internal.x.f0() >= 7 && s1.a(x509TrustManager);
    }

    public io.netty.handler.ssl.b C() {
        return this.f24721h;
    }

    public int H() {
        return this.f24731r;
    }

    public SSLEngine J(to.k kVar, String str, int i10, boolean z10) {
        return new d2(this, kVar, str, i10, z10, true);
    }

    public abstract g1 M();

    @Override // io.netty.util.r
    public final io.netty.util.r a() {
        this.f24724k.a();
        return this;
    }

    @Override // io.netty.util.r
    public final int m() {
        return this.f24724k.m();
    }

    @Override // io.netty.handler.ssl.i2
    public final boolean p() {
        return this.f24722i == 0;
    }

    @Override // io.netty.util.r
    public final boolean release() {
        return this.f24724k.release();
    }

    @Override // io.netty.util.r
    public final io.netty.util.r s(Object obj) {
        this.f24724k.s(obj);
        return this;
    }

    @Override // io.netty.handler.ssl.i2
    public final SSLEngine u(to.k kVar, String str, int i10) {
        return J(kVar, str, i10, true);
    }

    @Override // io.netty.handler.ssl.i2
    public final l2 w(to.k kVar, String str, int i10, boolean z10) {
        return new l2(J(kVar, str, i10, false), z10);
    }
}
