package o8;

import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import o8.a;

/* loaded from: classes2.dex */
public abstract class z0 extends i1 implements r8.s {

    /* renamed from: r, reason: collision with root package name */
    private static final u8.c f17989r;

    /* renamed from: s, reason: collision with root package name */
    private static final boolean f17990s;

    /* renamed from: t, reason: collision with root package name */
    private static final int f17991t;

    /* renamed from: u, reason: collision with root package name */
    private static final List<String> f17992u;

    /* renamed from: v, reason: collision with root package name */
    private static final Integer f17993v;

    /* renamed from: w, reason: collision with root package name */
    private static final r8.t<z0> f17994w;

    /* renamed from: x, reason: collision with root package name */
    static final f0 f17995x;

    /* renamed from: c, reason: collision with root package name */
    protected volatile long f17996c;

    /* renamed from: d, reason: collision with root package name */
    private final List<String> f17997d;

    /* renamed from: e, reason: collision with root package name */
    private final long f17998e;

    /* renamed from: f, reason: collision with root package name */
    private final long f17999f;

    /* renamed from: g, reason: collision with root package name */
    private final f0 f18000g;

    /* renamed from: h, reason: collision with root package name */
    private final int f18001h;

    /* renamed from: i, reason: collision with root package name */
    private final r8.w<z0> f18002i;

    /* renamed from: j, reason: collision with root package name */
    private final r8.b f18003j;

    /* renamed from: k, reason: collision with root package name */
    final Certificate[] f18004k;

    /* renamed from: l, reason: collision with root package name */
    final o8.f f18005l;

    /* renamed from: m, reason: collision with root package name */
    final String[] f18006m;

    /* renamed from: n, reason: collision with root package name */
    final boolean f18007n;

    /* renamed from: o, reason: collision with root package name */
    final k0 f18008o;

    /* renamed from: p, reason: collision with root package name */
    private volatile boolean f18009p;

    /* renamed from: q, reason: collision with root package name */
    private volatile int f18010q;

    /* loaded from: classes2.dex */
    static class a implements PrivilegedAction<Boolean> {
        a() {
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Boolean run() {
            return Boolean.valueOf(t8.w.d("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    }

    /* loaded from: classes2.dex */
    static class b implements PrivilegedAction<Integer> {
        b() {
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Integer run() {
            return Integer.valueOf(Math.max(1, t8.w.e("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048)));
        }
    }

    /* loaded from: classes2.dex */
    class c extends r8.b {
        c() {
        }

        @Override // r8.b
        protected void c() {
            z0.this.B();
            if (z0.this.f18002i != null) {
                z0.this.f18002i.b(z0.this);
            }
        }

        @Override // r8.s
        public r8.s i(Object obj) {
            if (z0.this.f18002i != null) {
                z0.this.f18002i.c(obj);
            }
            return z0.this;
        }
    }

    /* loaded from: classes2.dex */
    static class d implements f0 {
        d() {
        }

        @Override // o8.f0
        public a.c a() {
            return a.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // o8.f0
        public a.EnumC0298a b() {
            return a.EnumC0298a.NONE;
        }

        @Override // o8.b
        public List<String> c() {
            return Collections.emptyList();
        }

        @Override // o8.f0
        public a.b g() {
            return a.b.ACCEPT;
        }
    }

    /* loaded from: classes2.dex */
    static class e implements PrivilegedAction<String> {
        e() {
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public String run() {
            return t8.w.b("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class f {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f18012a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f18013b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f18014c;

        static {
            int[] iArr = new int[a.b.values().length];
            f18014c = iArr;
            try {
                iArr[a.b.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f18014c[a.b.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[a.c.values().length];
            f18013b = iArr2;
            try {
                iArr2[a.c.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f18013b[a.c.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[a.EnumC0298a.values().length];
            f18012a = iArr3;
            try {
                iArr3[a.EnumC0298a.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f18012a[a.EnumC0298a.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f18012a[a.EnumC0298a.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f18012a[a.EnumC0298a.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static abstract class g extends CertificateVerifier {

        /* renamed from: a, reason: collision with root package name */
        private final k0 f18015a;

        /* JADX INFO: Access modifiers changed from: package-private */
        public g(k0 k0Var) {
            this.f18015a = k0Var;
        }
    }

    /* loaded from: classes2.dex */
    private static final class h implements k0 {

        /* renamed from: a, reason: collision with root package name */
        private final Map<Long, e1> f18016a;

        private h() {
            this.f18016a = t8.o.L();
        }

        /* synthetic */ h(a aVar) {
            this();
        }

        @Override // o8.k0
        public void a(e1 e1Var) {
            this.f18016a.put(Long.valueOf(e1Var.U()), e1Var);
        }

        @Override // o8.k0
        public e1 b(long j10) {
            return this.f18016a.remove(Long.valueOf(j10));
        }
    }

    static {
        u8.c b10 = u8.d.b(z0.class);
        f17989r = b10;
        f17990s = ((Boolean) AccessController.doPrivileged(new a())).booleanValue();
        f17991t = ((Integer) AccessController.doPrivileged(new b())).intValue();
        f17994w = r8.u.b().c(z0.class);
        f17995x = new d();
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        f17992u = Collections.unmodifiableList(arrayList);
        if (b10.e()) {
            b10.m("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new e());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    f17989r.m("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        f17993v = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public z0(Iterable<String> iterable, o8.e eVar, o8.a aVar, long j10, long j11, int i10, Certificate[] certificateArr, o8.f fVar, String[] strArr, boolean z10, boolean z11, boolean z12) {
        this(iterable, eVar, Q(aVar), j10, j11, i10, certificateArr, fVar, strArr, z10, z11, z12);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public z0(Iterable<String> iterable, o8.e eVar, f0 f0Var, long j10, long j11, int i10, Certificate[] certificateArr, o8.f fVar, String[] strArr, boolean z10, boolean z11, boolean z12) {
        super(z10);
        long j12;
        String next;
        this.f18003j = new c();
        ArrayList arrayList = null;
        this.f18008o = new h(0 == true ? 1 : 0);
        this.f18010q = f17991t;
        e0.d();
        if (z11 && !e0.h()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i10 != 1 && i10 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f18002i = z12 ? f17994w.k(this) : null;
        this.f18001h = i10;
        this.f18005l = n() ? (o8.f) t8.m.a(fVar, "clientAuth") : o8.f.NONE;
        this.f18006m = strArr;
        this.f18007n = z11;
        if (i10 == 1) {
            this.f18009p = f17990s;
        }
        this.f18004k = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String i11 = o8.d.i(next);
                if (i11 != null) {
                    next = i11;
                }
                arrayList.add(next);
            }
        }
        List<String> asList = Arrays.asList(((o8.e) t8.m.a(eVar, "cipherFilter")).a(arrayList, f17992u, e0.a()));
        this.f17997d = asList;
        this.f18000g = (f0) t8.m.a(f0Var, "apn");
        try {
            synchronized (z0.class) {
                try {
                    try {
                        this.f17996c = SSLContext.make(31, i10);
                        SSLContext.setOptions(this.f17996c, SSLContext.getOptions(this.f17996c) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET);
                        SSLContext.setMode(this.f17996c, SSLContext.getMode(this.f17996c) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                        Integer num = f17993v;
                        if (num != null) {
                            SSLContext.setTmpDHLength(this.f17996c, num.intValue());
                        }
                        try {
                            SSLContext.setCipherSuite(this.f17996c, o8.d.h(asList));
                            List<String> c10 = f0Var.c();
                            if (!c10.isEmpty()) {
                                String[] strArr2 = (String[]) c10.toArray(new String[c10.size()]);
                                int K = K(f0Var.a());
                                int i12 = f.f18012a[f0Var.b().ordinal()];
                                if (i12 != 1) {
                                    if (i12 == 2) {
                                        j12 = this.f17996c;
                                    } else {
                                        if (i12 != 3) {
                                            throw new Error();
                                        }
                                        SSLContext.setNpnProtos(this.f17996c, strArr2, K);
                                        j12 = this.f17996c;
                                    }
                                    SSLContext.setAlpnProtos(j12, strArr2, K);
                                } else {
                                    SSLContext.setNpnProtos(this.f17996c, strArr2, K);
                                }
                            }
                            if (j10 > 0) {
                                this.f17998e = j10;
                                SSLContext.setSessionCacheSize(this.f17996c, j10);
                            } else {
                                long sessionCacheSize = SSLContext.setSessionCacheSize(this.f17996c, 20480L);
                                this.f17998e = sessionCacheSize;
                                SSLContext.setSessionCacheSize(this.f17996c, sessionCacheSize);
                            }
                            if (j11 > 0) {
                                this.f17999f = j11;
                                SSLContext.setSessionCacheTimeout(this.f17996c, j11);
                            } else {
                                long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.f17996c, 300L);
                                this.f17999f = sessionCacheTimeout;
                                SSLContext.setSessionCacheTimeout(this.f17996c, sessionCacheTimeout);
                            }
                            if (z11) {
                                SSLContext.enableOcsp(this.f17996c, m());
                            }
                        } catch (SSLException e10) {
                            throw e10;
                        } catch (Exception e11) {
                            throw new SSLException("failed to set cipher suite: " + this.f17997d, e11);
                        }
                    } catch (Exception e12) {
                        throw new SSLException("failed to create an SSL_CTX", e12);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager A(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void D(long j10) {
        if (j10 != 0) {
            SSL.freeBIO(j10);
        }
    }

    private static long H(h8.j jVar) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int d12 = jVar.d1();
            if (SSL.bioWrite(newMemBIO, e0.j(jVar) + jVar.e1(), d12) == d12) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    private static int K(a.c cVar) {
        int i10 = f.f18013b[cVar.ordinal()];
        if (i10 == 1) {
            return 0;
        }
        if (i10 == 2) {
            return 1;
        }
        throw new Error();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void M(long j10, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) {
        long j11;
        long j12;
        long j13 = 0;
        t0 t0Var = null;
        try {
            try {
                h8.k kVar = h8.k.f10570a;
                t0Var = x0.f(kVar, true, x509CertificateArr);
                long N = N(kVar, t0Var.b());
                try {
                    long N2 = N(kVar, t0Var.b());
                    if (privateKey != null) {
                        try {
                            j13 = O(privateKey);
                        } catch (SSLException e10) {
                            throw e10;
                        } catch (Exception e11) {
                            e = e11;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j12 = N;
                            j11 = N2;
                            D(j13);
                            D(j12);
                            D(j11);
                            if (t0Var != null) {
                                t0Var.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j10, N, j13, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j10, N2, true);
                        D(j13);
                        D(N);
                        D(N2);
                        t0Var.release();
                    } catch (SSLException e12) {
                    } catch (Exception e13) {
                        e = e13;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e14) {
                } catch (Exception e15) {
                    e = e15;
                } catch (Throwable th2) {
                    th = th2;
                    j12 = N;
                    j11 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e16) {
            throw e16;
        } catch (Exception e17) {
            e = e17;
        } catch (Throwable th4) {
            th = th4;
            j11 = 0;
            j12 = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long N(h8.k kVar, t0 t0Var) {
        try {
            h8.j a10 = t0Var.a();
            if (a10.E0()) {
                return H(a10.i1());
            }
            h8.j c10 = kVar.c(a10.d1());
            try {
                c10.D1(a10, a10.e1(), a10.d1());
                long H = H(c10.i1());
                try {
                    if (t0Var.C()) {
                        o1.k(c10);
                    }
                    return H;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (t0Var.C()) {
                        o1.k(c10);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            t0Var.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long O(PrivateKey privateKey) {
        if (privateKey == null) {
            return 0L;
        }
        h8.k kVar = h8.k.f10570a;
        t0 f10 = u0.f(kVar, true, privateKey);
        try {
            return N(kVar, f10.b());
        } finally {
            f10.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long P(X509Certificate... x509CertificateArr) {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        h8.k kVar = h8.k.f10570a;
        t0 f10 = x0.f(kVar, true, x509CertificateArr);
        try {
            return N(kVar, f10.b());
        } finally {
            f10.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static f0 Q(o8.a aVar) {
        if (aVar == null) {
            return f17995x;
        }
        int i10 = f.f18012a[aVar.a().ordinal()];
        if (i10 != 1 && i10 != 2 && i10 != 3) {
            if (i10 == 4) {
                return f17995x;
            }
            throw new Error();
        }
        int i11 = f.f18014c[aVar.b().ordinal()];
        if (i11 != 1 && i11 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.b() + " behavior");
        }
        int i12 = f.f18013b[aVar.c().ordinal()];
        if (i12 == 1 || i12 == 2) {
            return new i0(aVar);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean R(X509KeyManager x509KeyManager) {
        return t8.o.G() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean S(X509TrustManager x509TrustManager) {
        return t8.o.G() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager z(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    final void B() {
        synchronized (z0.class) {
            if (this.f17996c != 0) {
                if (this.f18007n) {
                    SSLContext.disableOcsp(this.f17996c);
                }
                SSLContext.free(this.f17996c);
                this.f17996c = 0L;
            }
        }
    }

    public int E() {
        return this.f18010q;
    }

    public boolean F() {
        return this.f18009p;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract n0 G();

    public final SSLEngine I(h8.k kVar, String str, int i10) {
        return J(kVar, str, i10);
    }

    SSLEngine J(h8.k kVar, String str, int i10) {
        return new e1(this, kVar, str, i10, true);
    }

    public abstract q0 L();

    @Override // r8.s
    public final r8.s b() {
        this.f18003j.b();
        return this;
    }

    @Override // r8.s
    public final r8.s i(Object obj) {
        this.f18003j.i(obj);
        return this;
    }

    @Override // o8.i1
    public final boolean m() {
        return this.f18001h == 0;
    }

    @Override // o8.i1
    public final SSLEngine r(h8.k kVar) {
        return I(kVar, null, -1);
    }

    @Override // r8.s
    public final boolean release() {
        return this.f18003j.release();
    }

    @Override // r8.s
    public final int w() {
        return this.f18003j.w();
    }

    public o8.b y() {
        return this.f18000g;
    }
}
