package io.netty.handler.ssl;

import com.google.firebase.dynamiclinks.DynamicLink;
import defpackage.a23;
import defpackage.af2;
import defpackage.ch;
import defpackage.cs;
import defpackage.ds;
import defpackage.f73;
import defpackage.h73;
import defpackage.hm3;
import defpackage.ks3;
import defpackage.li2;
import defpackage.mi2;
import defpackage.p31;
import defpackage.q31;
import defpackage.tk2;
import defpackage.wc2;
import defpackage.y6;
import io.netty.handler.ssl.b;
import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
public abstract class k0 extends o0 implements a23 {
    private static final io.netty.util.l<k0> a0;
    public static final int b0 = 10;
    public static final s c0;
    private static final p31 s;
    private static final boolean t;
    private static final int u;
    private static final List<String> x;
    private static final Integer y;

    /* renamed from: c, reason: collision with root package name */
    public long f2585c;
    private final List<String> d;
    private final long e;
    private final long f;
    private final s g;
    private final int h;
    private final h73<k0> i;
    private final io.netty.util.b j;
    public final Certificate[] k;
    public final io.netty.handler.ssl.d l;
    public final String[] m;
    public final boolean n;
    public final af2 o;
    public final ReadWriteLock p;
    private volatile boolean q;
    private volatile int r;

    /* loaded from: classes5.dex */
    public static class a implements PrivilegedAction<Boolean> {
        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Boolean run() {
            return Boolean.valueOf(ks3.d("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    }

    /* loaded from: classes5.dex */
    public static class b implements PrivilegedAction<Integer> {
        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Integer run() {
            return Integer.valueOf(Math.max(1, ks3.e("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048)));
        }
    }

    /* loaded from: classes5.dex */
    public class c extends io.netty.util.b {
        public static final /* synthetic */ boolean d = false;

        public c() {
        }

        @Override // io.netty.util.b
        public void a() {
            k0.this.A0();
            if (k0.this.i != null) {
                k0.this.i.c(k0.this);
            }
        }

        @Override // defpackage.a23
        public a23 m(Object obj) {
            if (k0.this.i != null) {
                k0.this.i.a(obj);
            }
            return k0.this;
        }
    }

    /* loaded from: classes5.dex */
    public static class d implements s {
        @Override // io.netty.handler.ssl.s
        public b.c a() {
            return b.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // defpackage.y6
        public List<String> b() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.s
        public b.EnumC0532b d() {
            return b.EnumC0532b.ACCEPT;
        }

        @Override // io.netty.handler.ssl.s
        public b.a protocol() {
            return b.a.NONE;
        }
    }

    /* loaded from: classes5.dex */
    public static class e implements PrivilegedAction<String> {
        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public String run() {
            return ks3.b("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* loaded from: classes5.dex */
    public static /* synthetic */ class f {
        public static final /* synthetic */ int[] a;
        public static final /* synthetic */ int[] b;

        /* renamed from: c, reason: collision with root package name */
        public static final /* synthetic */ int[] f2587c;

        static {
            int[] iArr = new int[b.EnumC0532b.values().length];
            f2587c = iArr;
            try {
                iArr[b.EnumC0532b.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f2587c[b.EnumC0532b.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[b.c.values().length];
            b = iArr2;
            try {
                iArr2[b.c.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                b[b.c.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[b.a.values().length];
            a = iArr3;
            try {
                iArr3[b.a.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                a[b.a.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                a[b.a.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                a[b.a.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes5.dex */
    public static abstract class g extends CertificateVerifier {
        private final af2 a;

        public g(af2 af2Var) {
            this.a = af2Var;
        }

        public final int a(long j, byte[][] bArr, String str) {
            X509Certificate[] w0 = k0.w0(bArr);
            l0 c2 = this.a.c(j);
            try {
                b(c2, w0, str);
                return CertificateVerifier.X509_V_OK;
            } catch (Throwable th) {
                k0.s.c("verification of certificate failed", th);
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("General OpenSslEngine problem");
                sSLHandshakeException.initCause(th);
                c2.f0 = sSLHandshakeException;
                if (th instanceof OpenSslCertificateException) {
                    return th.b();
                }
                if (th instanceof CertificateExpiredException) {
                    return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
                }
                if (th instanceof CertificateNotYetValidException) {
                    return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
                }
                if (tk2.c0() >= 7) {
                    if (th instanceof CertificateRevokedException) {
                        return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
                    }
                    for (Throwable cause = th.getCause(); cause != null; cause = cause.getCause()) {
                        if (cause instanceof CertPathValidatorException) {
                            CertPathValidatorException.Reason reason = ((CertPathValidatorException) cause).getReason();
                            if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
                                return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
                            }
                            if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
                                return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
                            }
                            if (reason == CertPathValidatorException.BasicReason.REVOKED) {
                                return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
                            }
                        }
                    }
                }
                return CertificateVerifier.X509_V_ERR_UNSPECIFIED;
            }
        }

        public abstract void b(l0 l0Var, X509Certificate[] x509CertificateArr, String str) throws Exception;
    }

    /* loaded from: classes5.dex */
    public static final class h implements af2 {
        private final Map<Long, l0> a;

        private h() {
            this.a = tk2.i0();
        }

        public /* synthetic */ h(a aVar) {
            this();
        }

        @Override // defpackage.af2
        public void a(l0 l0Var) {
            this.a.put(Long.valueOf(l0Var.d0()), l0Var);
        }

        @Override // defpackage.af2
        public l0 b(long j) {
            return this.a.remove(Long.valueOf(j));
        }

        @Override // defpackage.af2
        public l0 c(long j) {
            return this.a.get(Long.valueOf(j));
        }
    }

    static {
        p31 b2 = q31.b(k0.class);
        s = b2;
        t = ((Boolean) AccessController.doPrivileged(new a())).booleanValue();
        u = ((Integer) AccessController.doPrivileged(new b())).intValue();
        a0 = f73.b().c(k0.class);
        c0 = new d();
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        x = Collections.unmodifiableList(arrayList);
        if (b2.f()) {
            b2.b("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new e());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    s.b("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        y = num;
    }

    public k0(Iterable<String> iterable, ds dsVar, io.netty.handler.ssl.b bVar, long j, long j2, int i, Certificate[] certificateArr, io.netty.handler.ssl.d dVar, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        this(iterable, dsVar, S0(bVar), j, j2, i, certificateArr, dVar, strArr, z, z2, z3);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public k0(Iterable<String> iterable, ds dsVar, s sVar, long j, long j2, int i, Certificate[] certificateArr, io.netty.handler.ssl.d dVar, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        super(z);
        String next;
        this.j = new c();
        ArrayList arrayList = null;
        this.o = new h(0 == true ? 1 : 0);
        this.p = new ReentrantReadWriteLock();
        this.r = u;
        r.f();
        if (z2 && !r.k()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.i = z3 ? a0.o(this) : null;
        this.h = i;
        this.l = s() ? (io.netty.handler.ssl.d) wc2.b(dVar, "clientAuth") : io.netty.handler.ssl.d.NONE;
        this.m = strArr;
        this.n = z2;
        if (i == 1) {
            this.q = t;
        }
        this.k = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String l = cs.l(next);
                if (l != null) {
                    next = l;
                }
                arrayList.add(next);
            }
        }
        List<String> asList = Arrays.asList(((ds) wc2.b(dsVar, "cipherFilter")).a(arrayList, x, r.c()));
        this.d = asList;
        this.g = (s) wc2.b(sVar, DynamicLink.AndroidParameters.KEY_ANDROID_PACKAGE_NAME);
        try {
            try {
                long make = SSLContext.make(31, i);
                this.f2585c = make;
                SSLContext.setOptions(make, SSLContext.getOptions(make) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET);
                long j3 = this.f2585c;
                SSLContext.setMode(j3, SSLContext.getMode(j3) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                Integer num = y;
                if (num != null) {
                    SSLContext.setTmpDHLength(this.f2585c, num.intValue());
                }
                try {
                    SSLContext.setCipherSuite(this.f2585c, cs.k(asList));
                    List<String> b2 = sVar.b();
                    if (!b2.isEmpty()) {
                        String[] strArr2 = (String[]) b2.toArray(new String[b2.size()]);
                        int H0 = H0(sVar.a());
                        int i2 = f.a[sVar.protocol().ordinal()];
                        if (i2 == 1) {
                            SSLContext.setNpnProtos(this.f2585c, strArr2, H0);
                        } else if (i2 == 2) {
                            SSLContext.setAlpnProtos(this.f2585c, strArr2, H0);
                        } else {
                            if (i2 != 3) {
                                throw new Error();
                            }
                            SSLContext.setNpnProtos(this.f2585c, strArr2, H0);
                            SSLContext.setAlpnProtos(this.f2585c, strArr2, H0);
                        }
                    }
                    if (j > 0) {
                        this.e = j;
                        SSLContext.setSessionCacheSize(this.f2585c, j);
                    } else {
                        long sessionCacheSize = SSLContext.setSessionCacheSize(this.f2585c, 20480L);
                        this.e = sessionCacheSize;
                        SSLContext.setSessionCacheSize(this.f2585c, sessionCacheSize);
                    }
                    if (j2 > 0) {
                        this.f = j2;
                        SSLContext.setSessionCacheTimeout(this.f2585c, j2);
                    } else {
                        long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.f2585c, 300L);
                        this.f = sessionCacheTimeout;
                        SSLContext.setSessionCacheTimeout(this.f2585c, sessionCacheTimeout);
                    }
                    if (z2) {
                        SSLContext.enableOcsp(this.f2585c, r());
                    }
                } catch (SSLException e2) {
                    throw e2;
                } catch (Exception e3) {
                    throw new SSLException("failed to set cipher suite: " + this.d, e3);
                }
            } catch (Exception e4) {
                throw new SSLException("failed to create an SSL_CTX", e4);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void A0() {
        Lock writeLock = this.p.writeLock();
        writeLock.lock();
        try {
            long j = this.f2585c;
            if (j != 0) {
                if (this.n) {
                    SSLContext.disableOcsp(j);
                }
                SSLContext.free(this.f2585c);
                this.f2585c = 0L;
            }
        } finally {
            writeLock.unlock();
        }
    }

    public static void B0(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    private static long F0(io.netty.buffer.g gVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int s5 = gVar.s5();
            if (SSL.bioWrite(newMemBIO, r.m(gVar) + gVar.t5(), s5) == s5) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            gVar.release();
        }
    }

    private static int H0(b.c cVar) {
        int i = f.b[cVar.ordinal()];
        if (i == 1) {
            return 0;
        }
        if (i == 2) {
            return 1;
        }
        throw new Error();
    }

    public static void K0(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j2;
        long j3;
        long j4 = 0;
        li2 li2Var = null;
        try {
            try {
                ch chVar = ch.a;
                li2Var = i0.l(chVar, true, x509CertificateArr);
                j3 = P0(chVar, li2Var.n());
                try {
                    long P0 = P0(chVar, li2Var.n());
                    if (privateKey != null) {
                        try {
                            j4 = Q0(privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j2 = P0;
                            B0(j4);
                            B0(j3);
                            B0(j2);
                            if (li2Var != null) {
                                li2Var.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, j3, j4, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j, P0, true);
                        B0(j4);
                        B0(j3);
                        B0(P0);
                        li2Var.release();
                    } catch (SSLException e4) {
                    } catch (Exception e5) {
                        e = e5;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e6) {
                } catch (Exception e7) {
                    e = e7;
                } catch (Throwable th2) {
                    th = th2;
                    j2 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e8) {
            throw e8;
        } catch (Exception e9) {
            e = e9;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    public static long P0(ch chVar, li2 li2Var) throws Exception {
        try {
            io.netty.buffer.g G = li2Var.G();
            if (G.u4()) {
                return F0(G.A5());
            }
            io.netty.buffer.g m = chVar.m(G.s5());
            try {
                m.r6(G, G.t5(), G.s5());
                long F0 = F0(m.A5());
                try {
                    if (li2Var.H1()) {
                        hm3.l(m);
                    }
                    return F0;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (li2Var.H1()) {
                        hm3.l(m);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            li2Var.release();
        }
    }

    public static long Q0(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        ch chVar = ch.a;
        li2 o = mi2.o(chVar, true, privateKey);
        try {
            return P0(chVar, o.n());
        } finally {
            o.release();
        }
    }

    public static long R0(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        ch chVar = ch.a;
        li2 l = i0.l(chVar, true, x509CertificateArr);
        try {
            return P0(chVar, l.n());
        } finally {
            l.release();
        }
    }

    public static s S0(io.netty.handler.ssl.b bVar) {
        if (bVar == null) {
            return c0;
        }
        int i = f.a[bVar.a().ordinal()];
        if (i != 1 && i != 2 && i != 3) {
            if (i == 4) {
                return c0;
            }
            throw new Error();
        }
        int i2 = f.f2587c[bVar.b().ordinal()];
        if (i2 != 1 && i2 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.b() + " behavior");
        }
        int i3 = f.b[bVar.c().ordinal()];
        if (i3 == 1 || i3 == 2) {
            return new v(bVar);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.c() + " behavior");
    }

    public static boolean T0(X509KeyManager x509KeyManager) {
        return tk2.c0() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    public static boolean U0(X509TrustManager x509TrustManager) {
        return tk2.c0() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    public static X509Certificate[] w0(byte[][] bArr) {
        int length = bArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i < length; i++) {
            x509CertificateArr[i] = new f0(bArr[i]);
        }
        return x509CertificateArr;
    }

    public static X509TrustManager x0(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager y0(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public int C0() {
        return this.r;
    }

    @Override // defpackage.a23
    public final int C1() {
        return this.j.C1();
    }

    public boolean D0() {
        return this.q;
    }

    public abstract y E0();

    public SSLEngine G0(ch chVar, String str, int i) {
        return new l0(this, chVar, str, i, true);
    }

    @Override // io.netty.handler.ssl.o0
    /* renamed from: I0 */
    public abstract c0 h0();

    public void J0(int i) {
        this.r = wc2.e(i, "bioNonApplicationBufferSize");
    }

    public void L0(boolean z) {
        this.q = z;
    }

    @Override // io.netty.handler.ssl.o0
    public final SSLEngine M(ch chVar) {
        return N(chVar, null, -1);
    }

    @Deprecated
    public final void M0(byte[] bArr) {
        h0().c(bArr);
    }

    @Override // io.netty.handler.ssl.o0
    public final SSLEngine N(ch chVar, String str, int i) {
        return G0(chVar, str, i);
    }

    @Deprecated
    public final long N0() {
        Lock readLock = this.p.readLock();
        readLock.lock();
        try {
            return this.f2585c;
        } finally {
            readLock.unlock();
        }
    }

    @Deprecated
    public final d0 O0() {
        return h0().e();
    }

    @Override // io.netty.handler.ssl.o0
    public y6 a() {
        return this.g;
    }

    @Override // defpackage.a23
    public final a23 c(int i) {
        this.j.c(i);
        return this;
    }

    @Override // io.netty.handler.ssl.o0
    public final long g0() {
        return this.e;
    }

    @Override // io.netty.handler.ssl.o0
    public final List<String> h() {
        return this.d;
    }

    @Override // io.netty.handler.ssl.o0
    public final long i0() {
        return this.f;
    }

    @Override // defpackage.a23
    public final a23 k() {
        this.j.k();
        return this;
    }

    @Override // defpackage.a23
    public final a23 m(Object obj) {
        this.j.m(obj);
        return this;
    }

    @Override // defpackage.a23
    public final a23 n() {
        this.j.n();
        return this;
    }

    @Override // io.netty.handler.ssl.o0
    public final boolean r() {
        return this.h == 0;
    }

    @Override // defpackage.a23
    public final boolean release() {
        return this.j.release();
    }

    @Deprecated
    public final long z0() {
        Lock readLock = this.p.readLock();
        readLock.lock();
        try {
            return this.f2585c;
        } finally {
            readLock.unlock();
        }
    }

    @Override // defpackage.a23
    public final boolean z3(int i) {
        return this.j.z3(i);
    }
}
