package io.netty.handler.ssl;

import g6.m1;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.util.ResourceLeakDetector;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import p6.p1;

/* loaded from: classes.dex */
public abstract class u0 extends a1 implements io.netty.util.y {
    public static final Integer C;

    /* renamed from: m, reason: collision with root package name */
    public long f9378m;

    /* renamed from: n, reason: collision with root package name */
    public final List f9379n;

    /* renamed from: o, reason: collision with root package name */
    public final p6.e0 f9380o;

    /* renamed from: p, reason: collision with root package name */
    public final int f9381p;

    /* renamed from: q, reason: collision with root package name */
    public final io.netty.util.e0 f9382q;

    /* renamed from: r, reason: collision with root package name */
    public final io.netty.util.c f9383r;

    /* renamed from: s, reason: collision with root package name */
    public final Certificate[] f9384s;

    /* renamed from: t, reason: collision with root package name */
    public final ClientAuth f9385t;

    /* renamed from: u, reason: collision with root package name */
    public final String[] f9386u;

    /* renamed from: v, reason: collision with root package name */
    public final boolean f9387v;

    /* renamed from: w, reason: collision with root package name */
    public final m1 f9388w;

    /* renamed from: x, reason: collision with root package name */
    public final ReadWriteLock f9389x;

    /* renamed from: y, reason: collision with root package name */
    public volatile int f9390y;

    /* renamed from: z, reason: collision with root package name */
    public static final u6.a f9377z = android.support.v4.media.session.h.b(u0.class.getName());
    public static final int A = Math.max(1, t6.b0.d("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));
    public static final boolean B = t6.b0.c("io.netty.handler.ssl.openssl.useTasks", false);
    public static final ResourceLeakDetector D = io.netty.util.c0.f9443c.a(u0.class);
    public static final boolean E = t6.b0.c("jdk.tls.client.enableSessionTicketExtension", false);
    public static final boolean F = t6.b0.c("jdk.tls.client.enableSessionTicketExtension", true);
    public static final boolean G = t6.b0.c("jdk.tls.server.enableSessionTicketExtension", false);
    public static final boolean H = t6.b0.c("jdk.tls.server.enableSessionTicketExtension", true);
    public static final boolean I = t6.b0.c("io.netty.handler.ssl.openssl.sessionCacheServer", true);
    public static final boolean J = t6.b0.c("io.netty.handler.ssl.openssl.sessionCacheClient", false);
    public static final p6.e0 K = new p6.g1();

    static {
        Integer num = null;
        try {
            String b9 = t6.b0.b("jdk.tls.ephemeralDHKeySize", null);
            if (b9 != null) {
                try {
                    num = Integer.valueOf(b9);
                } catch (NumberFormatException unused) {
                    f9377z.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b9);
                }
            }
        } catch (Throwable unused2) {
        }
        C = num;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public u0(Iterable iterable, p6.d dVar, p6.e0 e0Var, int i9, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z8, boolean z9, boolean z10, Map.Entry... entryArr) throws SSLException {
        super(z8);
        ClientAuth clientAuth2;
        this.f9383r = new p6.f1(this);
        p6.n0 n0Var = null;
        this.f9388w = new m1((p6.f1) (0 == true ? 1 : 0));
        this.f9389x = new ReentrantReadWriteLock();
        this.f9390y = A;
        Throwable th = b0.f9287b;
        if (th != null) {
            throw ((Error) new UnsatisfiedLinkError("failed to load the required native library").initCause(th));
        }
        if (z9 && !b0.f9293h) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i9 != 1 && i9 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        boolean z11 = B;
        int i10 = 0;
        if (entryArr != null) {
            for (Map.Entry entry : entryArr) {
                p1 p1Var = (p1) entry.getKey();
                if (p1Var == p6.j0.f11596r) {
                    ((Boolean) entry.getValue()).booleanValue();
                } else if (p1Var == p6.j0.f11595q) {
                    z11 = ((Boolean) entry.getValue()).booleanValue();
                } else if (p1Var == p6.j0.f11597s) {
                    n0Var = (p6.n0) entry.getValue();
                } else {
                    u6.a aVar = f9377z;
                    StringBuilder a9 = android.support.v4.media.f.a("Skipping unsupported ");
                    a9.append(p1.class.getSimpleName());
                    a9.append(": ");
                    a9.append(entry.getKey());
                    aVar.debug(a9.toString());
                }
            }
        } else {
            n0Var = null;
        }
        this.f9382q = z10 ? D.c(this) : null;
        this.f9381p = i9;
        if (f()) {
            Objects.requireNonNull(clientAuth, "clientAuth");
            clientAuth2 = clientAuth;
        } else {
            clientAuth2 = ClientAuth.NONE;
        }
        this.f9385t = clientAuth2;
        this.f9386u = strArr;
        this.f9387v = z9;
        this.f9384s = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        Objects.requireNonNull(dVar, "cipherFilter");
        List asList = Arrays.asList(dVar.a(iterable, b0.f9288c, b0.f9291f));
        this.f9379n = asList;
        Objects.requireNonNull(e0Var, "apn");
        this.f9380o = e0Var;
        try {
            boolean z12 = b0.f9294i;
            try {
                this.f9378m = SSLContext.make(z12 ? 62 : 30, i9);
                StringBuilder sb = new StringBuilder();
                StringBuilder sb2 = new StringBuilder();
                try {
                    if (asList.isEmpty()) {
                        SSLContext.setCipherSuite(this.f9378m, "", false);
                        if (z12) {
                            SSLContext.setCipherSuite(this.f9378m, "", true);
                        }
                    } else {
                        p6.c.a(asList, sb, sb2, b0.f9295j);
                        SSLContext.setCipherSuite(this.f9378m, sb.toString(), false);
                        if (z12) {
                            SSLContext.setCipherSuite(this.f9378m, sb2.toString(), true);
                        }
                    }
                    int options = SSLContext.getOptions(this.f9378m) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET;
                    SSLContext.setOptions(this.f9378m, sb.length() == 0 ? options | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 | SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2 : options);
                    long j9 = this.f9378m;
                    SSLContext.setMode(j9, SSLContext.getMode(j9) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                    Integer num = C;
                    if (num != null) {
                        SSLContext.setTmpDHLength(this.f9378m, num.intValue());
                    }
                    List d9 = e0Var.d();
                    if (!d9.isEmpty()) {
                        String[] strArr2 = (String[]) d9.toArray(new String[0]);
                        int i11 = p6.h1.f11589b[e0Var.b().ordinal()];
                        if (i11 != 1) {
                            if (i11 != 2) {
                                throw new Error();
                            }
                            i10 = 1;
                        }
                        int i12 = p6.h1.f11588a[e0Var.c().ordinal()];
                        if (i12 == 1) {
                            SSLContext.setNpnProtos(this.f9378m, strArr2, i10);
                        } else if (i12 == 2) {
                            SSLContext.setAlpnProtos(this.f9378m, strArr2, i10);
                        } else {
                            if (i12 != 3) {
                                throw new Error();
                            }
                            SSLContext.setNpnProtos(this.f9378m, strArr2, i10);
                            SSLContext.setAlpnProtos(this.f9378m, strArr2, i10);
                        }
                    }
                    if (z9) {
                        SSLContext.enableOcsp(this.f9378m, e());
                    }
                    SSLContext.setUseTasks(this.f9378m, z11);
                    if (n0Var != null) {
                        SSLContext.setPrivateKeyMethod(this.f9378m, new t0(this.f9388w, n0Var));
                    }
                } catch (SSLException e9) {
                    throw e9;
                } catch (Exception e10) {
                    throw new SSLException("failed to set cipher suite: " + this.f9379n, e10);
                }
            } catch (Exception e11) {
                throw new SSLException("failed to create an SSL_CTX", e11);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    public static X509TrustManager l(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                u6.a aVar = io.netty.util.internal.j.f9539a;
                if (io.netty.util.internal.i.f9531h < 7) {
                    return (X509TrustManager) trustManager;
                }
                return p6.z0.f11652b.a((X509TrustManager) trustManager);
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager m(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static void o(long j9) {
        if (j9 != 0) {
            SSL.freeBIO(j9);
        }
    }

    public static long p(f6.m mVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int U0 = mVar.U0();
            if (SSL.bioWrite(newMemBIO, b0.f(mVar) + mVar.V0(), U0) == U0) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            mVar.release();
        }
    }

    public static g0 r(KeyManagerFactory keyManagerFactory, String str) {
        if (keyManagerFactory instanceof p6.v0) {
            o4.e0 e0Var = ((p6.v0) keyManagerFactory).f11633a.f9360b;
            if (e0Var != null) {
                return new p6.u0((X509KeyManager) e0Var.f11058m, (String) e0Var.f11059n, (Iterable) e0Var.f11060o);
            }
            throw new IllegalStateException("engineInit(...) not called yet");
        }
        if (!(keyManagerFactory instanceof p6.g0)) {
            return new g0(m(keyManagerFactory.getKeyManagers()), str);
        }
        p6.g0 g0Var = (p6.g0) keyManagerFactory;
        X509KeyManager m9 = m(g0Var.getKeyManagers());
        return "sun.security.ssl.X509KeyManagerImpl".equals(m9.getClass().getName()) ? new g0(m9, str) : new p6.f0(m(g0Var.getKeyManagers()), str, g0Var.f11584a);
    }

    public static void t(long j9, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j10;
        long j11;
        long j12 = 0;
        p6.a1 a1Var = null;
        try {
            try {
                f6.n nVar = f6.n.f7556a;
                a1Var = PemX509Certificate.toPEM(nVar, true, x509CertificateArr);
                j11 = v(nVar, a1Var.retain());
                try {
                    long v8 = v(nVar, a1Var.retain());
                    if (privateKey != null) {
                        try {
                            j12 = u(nVar, privateKey);
                        } catch (SSLException e9) {
                            throw e9;
                        } catch (Exception e10) {
                            e = e10;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j9, j11, j12, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j9, v8, true);
                        o(j12);
                        o(j11);
                        o(v8);
                        a1Var.release();
                    } catch (SSLException e11) {
                        throw e11;
                    } catch (Exception e12) {
                        e = e12;
                        throw new SSLException("failed to set certificate and key", e);
                    } catch (Throwable th) {
                        th = th;
                        j10 = v8;
                        o(j12);
                        o(j11);
                        o(j10);
                        if (a1Var != null) {
                            a1Var.release();
                        }
                        throw th;
                    }
                } catch (SSLException e13) {
                    throw e13;
                } catch (Exception e14) {
                    e = e14;
                } catch (Throwable th2) {
                    th = th2;
                    j10 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e15) {
            throw e15;
        } catch (Exception e16) {
            e = e16;
        } catch (Throwable th4) {
            th = th4;
            j10 = 0;
            j11 = 0;
        }
    }

    public static long u(f6.n nVar, PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        p6.a1 pem = PemPrivateKey.toPEM(nVar, true, privateKey);
        try {
            return v(nVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    public static long v(f6.n nVar, p6.a1 a1Var) throws Exception {
        try {
            f6.m content = a1Var.content();
            if (content.l0()) {
                return p(content.b1());
            }
            f6.m h9 = ((f6.c) nVar).h(content.U0());
            try {
                h9.B1(content, content.V0(), content.U0());
                long p9 = p(h9.b1());
                try {
                    if (a1Var.isSensitive()) {
                        j1.l(h9);
                    }
                    return p9;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (a1Var.isSensitive()) {
                        j1.l(h9);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            a1Var.release();
        }
    }

    public static long w(f6.n nVar, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        p6.a1 pem = PemX509Certificate.toPEM(nVar, true, x509CertificateArr);
        try {
            return v(nVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    public static p6.e0 x(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return K;
        }
        int i9 = p6.h1.f11588a[applicationProtocolConfig.f9280b.ordinal()];
        if (i9 != 1 && i9 != 2 && i9 != 3) {
            if (i9 == 4) {
                return K;
            }
            throw new Error();
        }
        int i10 = p6.h1.f11590c[applicationProtocolConfig.f9282d.ordinal()];
        if (i10 != 1 && i10 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.f9282d + " behavior");
        }
        int i11 = p6.h1.f11589b[applicationProtocolConfig.f9281c.ordinal()];
        if (i11 == 1 || i11 == 2) {
            return new p6.k0(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.f9281c + " behavior");
    }

    @Override // io.netty.handler.ssl.a1
    public p6.b a() {
        return this.f9380o;
    }

    @Override // io.netty.handler.ssl.a1
    public final boolean e() {
        return this.f9381p == 0;
    }

    @Override // io.netty.handler.ssl.a1
    public final SSLEngine i(f6.n nVar, String str, int i9) {
        return q(nVar, str, i9, true);
    }

    public final void n() {
        Lock writeLock = this.f9389x.writeLock();
        writeLock.lock();
        try {
            long j9 = this.f9378m;
            if (j9 != 0) {
                if (this.f9387v) {
                    SSLContext.disableOcsp(j9);
                }
                SSLContext.free(this.f9378m);
                this.f9378m = 0L;
                l0 s8 = s();
                if (s8 != null) {
                    g0 g0Var = s8.f9351a;
                    if (g0Var != null) {
                        g0Var.b();
                    }
                    s8.f9353c.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    public SSLEngine q(f6.n nVar, String str, int i9, boolean z8) {
        return new x0(this, nVar, str, i9, z8, true);
    }

    @Override // io.netty.util.y
    public final int refCnt() {
        return this.f9383r.refCnt();
    }

    @Override // io.netty.util.y
    public final boolean release() {
        return this.f9383r.release();
    }

    @Override // io.netty.util.y
    public final io.netty.util.y retain() {
        this.f9383r.retain();
        return this;
    }

    public abstract l0 s();

    @Override // io.netty.util.y
    public final io.netty.util.y touch(Object obj) {
        this.f9383r.touch(obj);
        return this;
    }
}
