package io.netty.handler.ssl;

import io.netty.handler.ssl.k1;
import io.netty.internal.tcnative.CertificateCallback;
import io.netty.internal.tcnative.SSLContext;
import io.netty.internal.tcnative.SniHostNameMatcher;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* compiled from: ReferenceCountedOpenSslServerContext.java */
/* loaded from: classes4.dex */
public final class m1 extends k1 {
    private static final io.netty.util.internal.logging.d B = io.netty.util.internal.logging.e.b(m1.class);
    private static final byte[] C = {110, 101, 116, 116, 121};
    private final v0 A;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    @io.netty.util.internal.h0(reason = "Usage guarded by java version check")
    /* loaded from: classes4.dex */
    public static final class a extends k1.d {
        private final X509ExtendedTrustManager b;

        a(m0 m0Var, X509ExtendedTrustManager x509ExtendedTrustManager) {
            super(m0Var);
            this.b = a1.a(x509ExtendedTrustManager);
        }

        @Override // io.netty.handler.ssl.k1.d
        void c(l1 l1Var, X509Certificate[] x509CertificateArr, String str) throws Exception {
            this.b.checkClientTrusted(x509CertificateArr, str, l1Var);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes4.dex */
    public static final class b implements CertificateCallback {
        private final m0 a;
        private final p0 b;

        b(m0 m0Var, p0 p0Var) {
            this.a = m0Var;
            this.b = p0Var;
        }

        public void a(long j2, byte[] bArr, byte[][] bArr2) throws Exception {
            l1 R = this.a.R(j2);
            if (R == null) {
                return;
            }
            try {
                this.b.e(R);
            } catch (Throwable th) {
                m1.B.d("Failed to set the server-side key material", th);
                R.S(th);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes4.dex */
    public static final class c implements SniHostNameMatcher {
        private final m0 a;

        c(m0 m0Var) {
            this.a = m0Var;
        }

        public boolean a(long j2, String str) {
            l1 R = this.a.R(j2);
            if (R != null) {
                return R.E(str.getBytes(io.netty.util.k.d));
            }
            m1.B.u("No ReferenceCountedOpenSslEngine found for SSL pointer: {}", Long.valueOf(j2));
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes4.dex */
    public static final class d extends k1.d {
        private final X509TrustManager b;

        d(m0 m0Var, X509TrustManager x509TrustManager) {
            super(m0Var);
            this.b = x509TrustManager;
        }

        @Override // io.netty.handler.ssl.k1.d
        void c(l1 l1Var, X509Certificate[] x509CertificateArr, String str) throws Exception {
            this.b.checkClientTrusted(x509CertificateArr, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public m1(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, long j2, long j3, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, String str2) throws SSLException {
        this(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, hVar, k1.x1(applicationProtocolConfig), j2, j3, clientAuth, strArr, z, z2, str2);
    }

    m1(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, h hVar, f0 f0Var, long j2, long j3, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, String str2) throws SSLException {
        super(iterable, hVar, f0Var, j2, j3, 1, (Certificate[]) x509CertificateArr2, clientAuth, strArr, z, z2, true);
        try {
            this.A = A1(this, this.e, this.f8580q, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, str2);
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static v0 A1(k1 k1Var, long j2, m0 m0Var, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, String str2) throws SSLException {
        q0 j1;
        q0 q0Var = null;
        try {
            try {
                SSLContext.setVerify(j2, 0, 10);
                if (e0.u()) {
                    if (keyManagerFactory == null) {
                        char[] w = t1.w(str);
                        KeyStore h2 = t1.h(x509CertificateArr2, privateKey, w, str2);
                        KeyManagerFactory c1Var = h2.aliases().hasMoreElements() ? new c1() : new h0(KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()));
                        c1Var.init(h2, w);
                        keyManagerFactory = c1Var;
                    }
                    j1 = k1.j1(keyManagerFactory, str);
                    try {
                        try {
                            SSLContext.setCertificateCallback(j2, new b(m0Var, new p0(j1)));
                        } catch (Exception e) {
                            e = e;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    } catch (Throwable th) {
                        th = th;
                        q0Var = j1;
                        if (q0Var != null) {
                            q0Var.b();
                        }
                        throw th;
                    }
                } else {
                    if (keyManagerFactory != null) {
                        throw new IllegalArgumentException("KeyManagerFactory not supported");
                    }
                    io.netty.util.internal.u.c(x509CertificateArr2, "keyCertChain");
                    k1.m1(j2, x509CertificateArr2, privateKey, str);
                    j1 = null;
                }
                try {
                    if (x509CertificateArr != null) {
                        trustManagerFactory = t1.m(x509CertificateArr, trustManagerFactory, str2);
                    } else if (trustManagerFactory == null) {
                        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init((KeyStore) null);
                    }
                    X509TrustManager Z0 = k1.Z0(trustManagerFactory.getTrustManagers());
                    C1(j2, m0Var, Z0);
                    X509Certificate[] acceptedIssuers = Z0.getAcceptedIssuers();
                    if (acceptedIssuers != null && acceptedIssuers.length > 0) {
                        long j3 = 0;
                        try {
                            j3 = k1.w1(k.a.b.k.a, acceptedIssuers);
                            if (!SSLContext.setCACertificateBio(j2, j3)) {
                                throw new SSLException("unable to setup accepted issuers for trustmanager " + Z0);
                            }
                        } finally {
                            k1.d1(j3);
                        }
                    }
                    if (io.netty.util.internal.w.n0() >= 8) {
                        SSLContext.setSniHostnameMatcher(j2, new c(m0Var));
                    }
                    v0 v0Var = new v0(k1Var, j1);
                    v0Var.g(C);
                    return v0Var;
                } catch (SSLException e2) {
                    throw e2;
                } catch (Exception e3) {
                    throw new SSLException("unable to setup trustmanager", e3);
                }
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (Exception e4) {
            e = e4;
        }
    }

    @io.netty.util.internal.h0(reason = "Guarded by java version check")
    private static void C1(long j2, m0 m0Var, X509TrustManager x509TrustManager) {
        if (k1.y1(x509TrustManager)) {
            SSLContext.setCertVerifyCallback(j2, new a(m0Var, (X509ExtendedTrustManager) x509TrustManager));
        } else {
            SSLContext.setCertVerifyCallback(j2, new d(m0Var, x509TrustManager));
        }
    }

    @Override // io.netty.handler.ssl.k1
    /* renamed from: B1, reason: merged with bridge method [inline-methods] */
    public v0 I0() {
        return this.A;
    }
}
