package io.netty.handler.ssl;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.internal.PlatformDependent;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes3.dex */
public abstract class aj extends al implements io.netty.util.o {
    private static final List<String> k;
    private static final Integer l;

    /* renamed from: a, reason: collision with root package name */
    protected volatile long f12371a;
    long b;

    /* renamed from: c, reason: collision with root package name */
    final Certificate[] f12372c;
    final ClientAuth d;
    final x e;
    volatile boolean f;
    private final List<String> n;
    private final long o;
    private final long p;
    private final s q;
    private final int r;
    private final io.netty.util.p s;
    private final io.netty.util.b t;
    private static final io.netty.util.internal.logging.b i = io.netty.util.internal.logging.c.a((Class<?>) aj.class);
    private static final boolean j = io.netty.util.internal.p.a("jdk.tls.rejectClientInitiatedRenegotiation", false);
    private static final ResourceLeakDetector<aj> m = io.netty.util.q.a().a(aj.class);
    static final s g = new s() { // from class: io.netty.handler.ssl.aj.2
        @Override // io.netty.handler.ssl.a
        public List<String> a() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.s
        public ApplicationProtocolConfig.Protocol b() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }

        @Override // io.netty.handler.ssl.s
        public ApplicationProtocolConfig.SelectorFailureBehavior c() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.s
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior d() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes3.dex */
    public static abstract class a implements CertificateVerifier {

        /* renamed from: a, reason: collision with root package name */
        private final x f12376a;

        /* JADX INFO: Access modifiers changed from: package-private */
        public a(x xVar) {
            this.f12376a = xVar;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes3.dex */
    private static final class b implements x {

        /* renamed from: a, reason: collision with root package name */
        private final Map<Long, ReferenceCountedOpenSslEngine> f12377a;

        private b() {
            this.f12377a = PlatformDependent.j();
        }

        @Override // io.netty.handler.ssl.x
        public ReferenceCountedOpenSslEngine a(long j) {
            return this.f12377a.remove(Long.valueOf(j));
        }

        @Override // io.netty.handler.ssl.x
        public void a(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            this.f12377a.put(Long.valueOf(referenceCountedOpenSslEngine.a()), referenceCountedOpenSslEngine);
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA");
        k = Collections.unmodifiableList(arrayList);
        if (i.b()) {
            i.b("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: io.netty.handler.ssl.aj.3
                @Override // java.security.PrivilegedAction
                /* renamed from: a, reason: merged with bridge method [inline-methods] */
                public String run() {
                    return io.netty.util.internal.p.b("jdk.tls.ephemeralDHKeySize");
                }
            });
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    i.b("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        l = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public aj(Iterable<String> iterable, d dVar, ApplicationProtocolConfig applicationProtocolConfig, long j2, long j3, int i2, Certificate[] certificateArr, ClientAuth clientAuth, boolean z) throws SSLException {
        this(iterable, dVar, a(applicationProtocolConfig), j2, j3, i2, certificateArr, clientAuth, z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public aj(Iterable<String> iterable, d dVar, s sVar, long j2, long j3, int i2, Certificate[] certificateArr, ClientAuth clientAuth, boolean z) throws SSLException {
        String next;
        this.t = new io.netty.util.b() { // from class: io.netty.handler.ssl.aj.1
            @Override // io.netty.util.b
            protected void deallocate() {
                aj.this.f();
                if (aj.this.s != null) {
                    aj.this.s.close();
                }
            }

            @Override // io.netty.util.o
            public io.netty.util.o touch(Object obj) {
                if (aj.this.s != null) {
                    aj.this.s.a(obj);
                }
                return aj.this;
            }
        };
        ArrayList arrayList = null;
        this.e = new b();
        r.b();
        if (i2 != 1 && i2 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.s = z ? m.a((ResourceLeakDetector<aj>) this) : null;
        this.r = i2;
        this.d = i() ? (ClientAuth) io.netty.util.internal.m.a(clientAuth, "clientAuth") : ClientAuth.NONE;
        if (i2 == 1) {
            this.f = j;
        }
        this.f12372c = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String a2 = c.a(next);
                if (a2 != null) {
                    next = a2;
                }
                arrayList.add(next);
            }
        }
        this.n = Arrays.asList(((d) io.netty.util.internal.m.a(dVar, "cipherFilter")).a(arrayList, k, r.c()));
        this.q = (s) io.netty.util.internal.m.a(sVar, "apn");
        this.b = Pool.create(0L);
        try {
            synchronized (aj.class) {
                try {
                    try {
                        this.f12371a = SSLContext.make(this.b, 31, i2);
                        SSLContext.setOptions(this.f12371a, 4095);
                        SSLContext.setOptions(this.f12371a, 16777216);
                        SSLContext.setOptions(this.f12371a, 33554432);
                        SSLContext.setOptions(this.f12371a, 4194304);
                        SSLContext.setOptions(this.f12371a, 524288);
                        SSLContext.setOptions(this.f12371a, 1048576);
                        SSLContext.setOptions(this.f12371a, 65536);
                        SSLContext.setOptions(this.f12371a, 16384);
                        SSLContext.setMode(this.f12371a, SSLContext.getMode(this.f12371a) | 2);
                        if (l != null) {
                            SSLContext.setTmpDHLength(this.f12371a, l.intValue());
                        }
                        try {
                            try {
                                SSLContext.setCipherSuite(this.f12371a, c.a(this.n));
                                List<String> a3 = sVar.a();
                                if (!a3.isEmpty()) {
                                    String[] strArr = (String[]) a3.toArray(new String[a3.size()]);
                                    int a4 = a(sVar.c());
                                    switch (sVar.b()) {
                                        case NPN:
                                            SSLContext.setNpnProtos(this.f12371a, strArr, a4);
                                            break;
                                        case ALPN:
                                            SSLContext.setAlpnProtos(this.f12371a, strArr, a4);
                                            break;
                                        case NPN_AND_ALPN:
                                            SSLContext.setNpnProtos(this.f12371a, strArr, a4);
                                            SSLContext.setAlpnProtos(this.f12371a, strArr, a4);
                                            break;
                                        default:
                                            throw new Error();
                                    }
                                }
                                if (j2 > 0) {
                                    this.o = j2;
                                    SSLContext.setSessionCacheSize(this.f12371a, j2);
                                } else {
                                    long sessionCacheSize = SSLContext.setSessionCacheSize(this.f12371a, 20480L);
                                    this.o = sessionCacheSize;
                                    SSLContext.setSessionCacheSize(this.f12371a, sessionCacheSize);
                                }
                                if (j3 > 0) {
                                    this.p = j3;
                                    SSLContext.setSessionCacheTimeout(this.f12371a, j3);
                                } else {
                                    long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.f12371a, 300L);
                                    this.p = sessionCacheTimeout;
                                    SSLContext.setSessionCacheTimeout(this.f12371a, sessionCacheTimeout);
                                }
                            } catch (Exception e) {
                                throw new SSLException("failed to set cipher suite: " + this.n, e);
                            }
                        } catch (SSLException e2) {
                            throw e2;
                        }
                    } catch (Exception e3) {
                        throw new SSLException("failed to create an SSL_CTX", e3);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    private static int a(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        switch (selectorFailureBehavior) {
            case NO_ADVERTISE:
                return 0;
            case CHOOSE_MY_LAST_PROTOCOL:
                return 1;
            default:
                throw new Error();
        }
    }

    private static long a(io.netty.buffer.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int h = jVar.h();
            if (SSL.writeToBIO(newMemBIO, r.a(jVar) + jVar.c(), h) == h) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(io.netty.buffer.k kVar, af afVar) throws Exception {
        try {
            io.netty.buffer.j content = afVar.content();
            if (content.J()) {
                return a(content.y());
            }
            io.netty.buffer.j d = kVar.d(content.h());
            try {
                d.b(content, content.c(), content.h());
                long a2 = a(d.y());
                try {
                    if (afVar.isSensitive()) {
                        aq.a(d);
                    }
                    return a2;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (afVar.isSensitive()) {
                        aq.a(d);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            afVar.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        io.netty.buffer.k kVar = io.netty.buffer.k.f12036a;
        af pem = PemPrivateKey.toPEM(kVar, true, privateKey);
        try {
            return a(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        io.netty.buffer.k kVar = io.netty.buffer.k.f12036a;
        af pem = PemX509Certificate.toPEM(kVar, true, x509CertificateArr);
        try {
            return a(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static s a(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return g;
        }
        switch (applicationProtocolConfig.b()) {
            case NPN:
            case ALPN:
            case NPN_AND_ALPN:
                switch (applicationProtocolConfig.d()) {
                    case CHOOSE_MY_LAST_PROTOCOL:
                    case ACCEPT:
                        switch (applicationProtocolConfig.c()) {
                            case NO_ADVERTISE:
                            case CHOOSE_MY_LAST_PROTOCOL:
                                return new v(applicationProtocolConfig);
                            default:
                                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
                        }
                    default:
                        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.d() + " behavior");
                }
            case NONE:
                return g;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j2) {
        if (j2 != 0) {
            SSL.freeBIO(j2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:33:0x008b  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void a(long r16, java.security.cert.X509Certificate[] r18, java.security.PrivateKey r19, java.lang.String r20) throws javax.net.ssl.SSLException {
        /*
            r1 = 0
            r3 = 0
            io.netty.buffer.k r0 = io.netty.buffer.k.f12036a     // Catch: java.lang.Throwable -> L6a java.lang.Exception -> L6f javax.net.ssl.SSLException -> L7a
            r4 = 1
            r5 = r18
            io.netty.handler.ssl.af r4 = io.netty.handler.ssl.PemX509Certificate.toPEM(r0, r4, r5)     // Catch: java.lang.Throwable -> L6a java.lang.Exception -> L6f javax.net.ssl.SSLException -> L7a
            io.netty.buffer.k r0 = io.netty.buffer.k.f12036a     // Catch: java.lang.Throwable -> L5c java.lang.Exception -> L60 javax.net.ssl.SSLException -> L65
            io.netty.handler.ssl.af r3 = r4.retain()     // Catch: java.lang.Throwable -> L5c java.lang.Exception -> L60 javax.net.ssl.SSLException -> L65
            long r12 = a(r0, r3)     // Catch: java.lang.Throwable -> L5c java.lang.Exception -> L60 javax.net.ssl.SSLException -> L65
            io.netty.buffer.k r0 = io.netty.buffer.k.f12036a     // Catch: java.lang.Throwable -> L53 java.lang.Exception -> L56 javax.net.ssl.SSLException -> L59
            io.netty.handler.ssl.af r3 = r4.retain()     // Catch: java.lang.Throwable -> L53 java.lang.Exception -> L56 javax.net.ssl.SSLException -> L59
            long r14 = a(r0, r3)     // Catch: java.lang.Throwable -> L53 java.lang.Exception -> L56 javax.net.ssl.SSLException -> L59
            if (r19 == 0) goto L2f
            long r5 = a(r19)     // Catch: java.lang.Throwable -> L28 java.lang.Exception -> L2b javax.net.ssl.SSLException -> L2d
            r1 = r5
            goto L2f
        L28:
            r0 = move-exception
            goto L80
        L2b:
            r0 = move-exception
            goto L63
        L2d:
            r0 = move-exception
            goto L68
        L2f:
            if (r20 != 0) goto L35
            java.lang.String r0 = ""
            r11 = r0
            goto L37
        L35:
            r11 = r20
        L37:
            r5 = r16
            r7 = r12
            r9 = r1
            org.apache.tomcat.jni.SSLContext.setCertificateBio(r5, r7, r9, r11)     // Catch: java.lang.Throwable -> L28 java.lang.Exception -> L2b javax.net.ssl.SSLException -> L2d
            r0 = 0
            r5 = r16
            org.apache.tomcat.jni.SSLContext.setCertificateChainBio(r5, r14, r0)     // Catch: java.lang.Throwable -> L28 java.lang.Exception -> L2b javax.net.ssl.SSLException -> L2d
            a(r1)
            a(r12)
            a(r14)
            if (r4 == 0) goto L52
            r4.release()
        L52:
            return
        L53:
            r0 = move-exception
            r14 = r1
            goto L80
        L56:
            r0 = move-exception
            r14 = r1
            goto L63
        L59:
            r0 = move-exception
            r14 = r1
            goto L68
        L5c:
            r0 = move-exception
            r12 = r1
            r14 = r12
            goto L80
        L60:
            r0 = move-exception
            r12 = r1
            r14 = r12
        L63:
            r3 = r4
            goto L72
        L65:
            r0 = move-exception
            r12 = r1
            r14 = r12
        L68:
            r3 = r4
            goto L7d
        L6a:
            r0 = move-exception
            r12 = r1
            r14 = r12
        L6d:
            r4 = r3
            goto L80
        L6f:
            r0 = move-exception
            r12 = r1
            r14 = r12
        L72:
            javax.net.ssl.SSLException r4 = new javax.net.ssl.SSLException     // Catch: java.lang.Throwable -> L7e
            java.lang.String r5 = "failed to set certificate and key"
            r4.<init>(r5, r0)     // Catch: java.lang.Throwable -> L7e
            throw r4     // Catch: java.lang.Throwable -> L7e
        L7a:
            r0 = move-exception
            r12 = r1
            r14 = r12
        L7d:
            throw r0     // Catch: java.lang.Throwable -> L7e
        L7e:
            r0 = move-exception
            goto L6d
        L80:
            a(r1)
            a(r12)
            a(r14)
            if (r4 == 0) goto L8e
            r4.release()
        L8e:
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.aj.a(long, java.security.cert.X509Certificate[], java.security.PrivateKey, java.lang.String):void");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509KeyManager x509KeyManager) {
        return PlatformDependent.c() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return PlatformDependent.c() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    public abstract ad a();

    @Override // io.netty.handler.ssl.al
    public final SSLEngine a(io.netty.buffer.k kVar, String str, int i2) {
        return b(kVar, str, i2);
    }

    SSLEngine b(io.netty.buffer.k kVar, String str, int i2) {
        return new ReferenceCountedOpenSslEngine(this, kVar, str, i2, true);
    }

    @Override // io.netty.handler.ssl.al
    public final boolean b() {
        return this.r == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract aa c();

    public io.netty.handler.ssl.a e() {
        return this.q;
    }

    final void f() {
        synchronized (aj.class) {
            if (this.f12371a != 0) {
                SSLContext.free(this.f12371a);
                this.f12371a = 0L;
            }
            if (this.b != 0) {
                Pool.destroy(this.b);
                this.b = 0L;
            }
        }
    }

    @Override // io.netty.util.o
    public final int refCnt() {
        return this.t.refCnt();
    }

    @Override // io.netty.util.o
    public final boolean release() {
        return this.t.release();
    }

    @Override // io.netty.util.o
    public final boolean release(int i2) {
        return this.t.release(i2);
    }

    @Override // io.netty.util.o
    public final io.netty.util.o retain() {
        this.t.retain();
        return this;
    }

    @Override // io.netty.util.o
    public final io.netty.util.o touch(Object obj) {
        this.t.touch(obj);
        return this;
    }
}
