package io.netty.handler.ssl;

import com.huawei.hms.ads.ContentClassification;
import e8.s1;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.util.ResourceLeakDetector;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public abstract class u0 extends a1 implements io.netty.util.y {

    /* renamed from: r, reason: collision with root package name */
    public static final Integer f11960r;

    /* renamed from: b, reason: collision with root package name */
    public long f11969b;

    /* renamed from: c, reason: collision with root package name */
    public final List f11970c;

    /* renamed from: d, reason: collision with root package name */
    public final e8.e0 f11971d;

    /* renamed from: e, reason: collision with root package name */
    public final int f11972e;

    /* renamed from: f, reason: collision with root package name */
    public final io.netty.util.e0 f11973f;

    /* renamed from: g, reason: collision with root package name */
    public final io.netty.util.c f11974g;

    /* renamed from: h, reason: collision with root package name */
    public final Certificate[] f11975h;

    /* renamed from: i, reason: collision with root package name */
    public final ClientAuth f11976i;

    /* renamed from: j, reason: collision with root package name */
    public final String[] f11977j;

    /* renamed from: k, reason: collision with root package name */
    public final boolean f11978k;

    /* renamed from: l, reason: collision with root package name */
    public final e8.i1 f11979l;

    /* renamed from: m, reason: collision with root package name */
    public final ReadWriteLock f11980m;

    /* renamed from: n, reason: collision with root package name */
    public volatile int f11981n;

    /* renamed from: o, reason: collision with root package name */
    public static final j8.a f11957o = u1.a.d(u0.class.getName());

    /* renamed from: p, reason: collision with root package name */
    public static final int f11958p = Math.max(1, i8.b0.d("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));

    /* renamed from: q, reason: collision with root package name */
    public static final boolean f11959q = i8.b0.c("io.netty.handler.ssl.openssl.useTasks", false);

    /* renamed from: s, reason: collision with root package name */
    public static final ResourceLeakDetector f11961s = io.netty.util.c0.f12045c.a(u0.class);

    /* renamed from: t, reason: collision with root package name */
    public static final boolean f11962t = i8.b0.c("jdk.tls.client.enableSessionTicketExtension", false);

    /* renamed from: u, reason: collision with root package name */
    public static final boolean f11963u = i8.b0.c("jdk.tls.client.enableSessionTicketExtension", true);

    /* renamed from: v, reason: collision with root package name */
    public static final boolean f11964v = i8.b0.c("jdk.tls.server.enableSessionTicketExtension", false);

    /* renamed from: w, reason: collision with root package name */
    public static final boolean f11965w = i8.b0.c("jdk.tls.server.enableSessionTicketExtension", true);

    /* renamed from: x, reason: collision with root package name */
    public static final boolean f11966x = i8.b0.c("io.netty.handler.ssl.openssl.sessionCacheServer", true);

    /* renamed from: y, reason: collision with root package name */
    public static final boolean f11967y = i8.b0.c("io.netty.handler.ssl.openssl.sessionCacheClient", false);

    /* renamed from: z, reason: collision with root package name */
    public static final e8.e0 f11968z = new e8.g1();

    static {
        Integer num = null;
        try {
            String b10 = i8.b0.b("jdk.tls.ephemeralDHKeySize", null);
            if (b10 != null) {
                try {
                    num = Integer.valueOf(b10);
                } catch (NumberFormatException unused) {
                    f11957o.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b10);
                }
            }
        } catch (Throwable unused2) {
        }
        f11960r = num;
    }

    public u0(Iterable iterable, e8.d dVar, e8.e0 e0Var, int i10, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z10, boolean z11, boolean z12, Map.Entry... entryArr) throws SSLException {
        super(z10);
        e8.n0 n0Var;
        ClientAuth clientAuth2;
        this.f11974g = new e8.f1(this);
        int i11 = 0;
        this.f11979l = new e8.i1(0);
        this.f11980m = new ReentrantReadWriteLock();
        this.f11981n = f11958p;
        Throwable th = b0.f11856b;
        if (th != null) {
            throw ((Error) new UnsatisfiedLinkError("failed to load the required native library").initCause(th));
        }
        if (z11 && !b0.f11862h) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i10 != 1 && i10 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        boolean z13 = f11959q;
        if (entryArr != null) {
            n0Var = null;
            for (Map.Entry entry : entryArr) {
                s1 s1Var = (s1) entry.getKey();
                if (s1Var == e8.j0.f9254g) {
                    ((Boolean) entry.getValue()).booleanValue();
                } else if (s1Var == e8.j0.f9253f) {
                    z13 = ((Boolean) entry.getValue()).booleanValue();
                } else if (s1Var == e8.j0.f9255h) {
                    n0Var = (e8.n0) entry.getValue();
                } else {
                    j8.a aVar = f11957o;
                    StringBuilder a10 = android.support.v4.media.a.a("Skipping unsupported ");
                    a10.append(s1.class.getSimpleName());
                    a10.append(": ");
                    a10.append(entry.getKey());
                    aVar.debug(a10.toString());
                }
            }
        } else {
            n0Var = null;
        }
        this.f11973f = z12 ? f11961s.c(this) : null;
        this.f11972e = i10;
        if (f()) {
            Objects.requireNonNull(clientAuth, "clientAuth");
            clientAuth2 = clientAuth;
        } else {
            clientAuth2 = ClientAuth.NONE;
        }
        this.f11976i = clientAuth2;
        this.f11977j = strArr;
        this.f11978k = z11;
        this.f11975h = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        Objects.requireNonNull(dVar, "cipherFilter");
        List asList = Arrays.asList(dVar.a(iterable, b0.f11857c, b0.f11860f));
        this.f11970c = asList;
        Objects.requireNonNull(e0Var, "apn");
        this.f11971d = e0Var;
        try {
            boolean z14 = b0.f11863i;
            try {
                this.f11969b = SSLContext.make(z14 ? 62 : 30, i10);
                StringBuilder sb2 = new StringBuilder();
                StringBuilder sb3 = new StringBuilder();
                try {
                    if (asList.isEmpty()) {
                        SSLContext.setCipherSuite(this.f11969b, ContentClassification.AD_CONTENT_CLASSIFICATION_UNKOWN, false);
                        if (z14) {
                            SSLContext.setCipherSuite(this.f11969b, ContentClassification.AD_CONTENT_CLASSIFICATION_UNKOWN, true);
                        }
                    } else {
                        e8.c.a(asList, sb2, sb3, b0.f11864j);
                        SSLContext.setCipherSuite(this.f11969b, sb2.toString(), false);
                        if (z14) {
                            SSLContext.setCipherSuite(this.f11969b, sb3.toString(), true);
                        }
                    }
                    int options = SSLContext.getOptions(this.f11969b) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET;
                    SSLContext.setOptions(this.f11969b, sb2.length() == 0 ? options | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 | SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2 : options);
                    long j10 = this.f11969b;
                    SSLContext.setMode(j10, SSLContext.getMode(j10) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                    Integer num = f11960r;
                    if (num != null) {
                        SSLContext.setTmpDHLength(this.f11969b, num.intValue());
                    }
                    List d10 = e0Var.d();
                    if (!d10.isEmpty()) {
                        String[] strArr2 = (String[]) d10.toArray(new String[0]);
                        int i12 = e8.h1.f9247b[e0Var.b().ordinal()];
                        if (i12 != 1) {
                            if (i12 != 2) {
                                throw new Error();
                            }
                            i11 = 1;
                        }
                        int i13 = e8.h1.f9246a[e0Var.c().ordinal()];
                        if (i13 == 1) {
                            SSLContext.setNpnProtos(this.f11969b, strArr2, i11);
                        } else if (i13 == 2) {
                            SSLContext.setAlpnProtos(this.f11969b, strArr2, i11);
                        } else {
                            if (i13 != 3) {
                                throw new Error();
                            }
                            SSLContext.setNpnProtos(this.f11969b, strArr2, i11);
                            SSLContext.setAlpnProtos(this.f11969b, strArr2, i11);
                        }
                    }
                    if (z11) {
                        SSLContext.enableOcsp(this.f11969b, e());
                    }
                    SSLContext.setUseTasks(this.f11969b, z13);
                    if (n0Var != null) {
                        SSLContext.setPrivateKeyMethod(this.f11969b, new t0(this.f11979l, n0Var));
                    }
                } catch (SSLException e10) {
                    throw e10;
                } catch (Exception e11) {
                    throw new SSLException("failed to set cipher suite: " + this.f11970c, e11);
                }
            } catch (Exception e12) {
                throw new SSLException("failed to create an SSL_CTX", e12);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    public static X509TrustManager l(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                j8.a aVar = io.netty.util.internal.k.f12159a;
                if (io.netty.util.internal.j.f12151h < 7) {
                    return (X509TrustManager) trustManager;
                }
                return e8.z0.f9311b.a((X509TrustManager) trustManager);
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager m(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static void o(long j10) {
        if (j10 != 0) {
            SSL.freeBIO(j10);
        }
    }

    public static long p(u7.m mVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int X0 = mVar.X0();
            if (SSL.bioWrite(newMemBIO, b0.f(mVar) + mVar.Y0(), X0) == X0) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            mVar.release();
        }
    }

    public static g0 r(KeyManagerFactory keyManagerFactory, String str) {
        if (keyManagerFactory instanceof e8.v0) {
            v4.e0 e0Var = ((e8.v0) keyManagerFactory).f9290a.f11940b;
            if (e0Var != null) {
                return new e8.u0((X509KeyManager) e0Var.f17701b, (String) e0Var.f17702c, (Iterable) e0Var.f17703d);
            }
            throw new IllegalStateException("engineInit(...) not called yet");
        }
        if (!(keyManagerFactory instanceof e8.g0)) {
            return new g0(m(keyManagerFactory.getKeyManagers()), str);
        }
        e8.g0 g0Var = (e8.g0) keyManagerFactory;
        X509KeyManager m10 = m(g0Var.getKeyManagers());
        return "sun.security.ssl.X509KeyManagerImpl".equals(m10.getClass().getName()) ? new g0(m10, str) : new e8.f0(m(g0Var.getKeyManagers()), str, g0Var.f9242a);
    }

    public static void t(long j10, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j11;
        long j12;
        long j13 = 0;
        e8.a1 a1Var = null;
        try {
            try {
                u7.n nVar = u7.n.f17463a;
                a1Var = PemX509Certificate.toPEM(nVar, true, x509CertificateArr);
                j12 = u(nVar, a1Var.retain());
                try {
                    long u10 = u(nVar, a1Var.retain());
                    if (privateKey != null) {
                        try {
                            j13 = v(nVar, privateKey);
                        } catch (SSLException e10) {
                            throw e10;
                        } catch (Exception e11) {
                            e = e11;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j10, j12, j13, str == null ? ContentClassification.AD_CONTENT_CLASSIFICATION_UNKOWN : str);
                        SSLContext.setCertificateChainBio(j10, u10, true);
                        o(j13);
                        o(j12);
                        o(u10);
                        a1Var.release();
                    } catch (SSLException e12) {
                        throw e12;
                    } catch (Exception e13) {
                        e = e13;
                        throw new SSLException("failed to set certificate and key", e);
                    } catch (Throwable th) {
                        th = th;
                        j11 = u10;
                        o(j13);
                        o(j12);
                        o(j11);
                        if (a1Var != null) {
                            a1Var.release();
                        }
                        throw th;
                    }
                } catch (SSLException e14) {
                    throw e14;
                } catch (Exception e15) {
                    e = e15;
                } catch (Throwable th2) {
                    th = th2;
                    j11 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e16) {
            throw e16;
        } catch (Exception e17) {
            e = e17;
        } catch (Throwable th4) {
            th = th4;
            j11 = 0;
            j12 = 0;
        }
    }

    public static long u(u7.n nVar, e8.a1 a1Var) throws Exception {
        try {
            u7.m content = a1Var.content();
            if (content.o0()) {
                return p(content.e1());
            }
            u7.m h10 = ((u7.c) nVar).h(content.X0());
            try {
                h10.F1(content, content.Y0(), content.X0());
                long p10 = p(h10.e1());
                try {
                    if (a1Var.isSensitive()) {
                        j1.l(h10);
                    }
                    return p10;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (a1Var.isSensitive()) {
                        j1.l(h10);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            a1Var.release();
        }
    }

    public static long v(u7.n nVar, PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        e8.a1 pem = PemPrivateKey.toPEM(nVar, true, privateKey);
        try {
            return u(nVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    public static long w(u7.n nVar, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        e8.a1 pem = PemX509Certificate.toPEM(nVar, true, x509CertificateArr);
        try {
            return u(nVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    public static e8.e0 x(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return f11968z;
        }
        int i10 = e8.h1.f9246a[applicationProtocolConfig.f11849b.ordinal()];
        if (i10 != 1 && i10 != 2 && i10 != 3) {
            if (i10 == 4) {
                return f11968z;
            }
            throw new Error();
        }
        int i11 = e8.h1.f9248c[applicationProtocolConfig.f11851d.ordinal()];
        if (i11 != 1 && i11 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.f11851d + " behavior");
        }
        int i12 = e8.h1.f9247b[applicationProtocolConfig.f11850c.ordinal()];
        if (i12 == 1 || i12 == 2) {
            return new e8.k0(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.f11850c + " behavior");
    }

    @Override // io.netty.handler.ssl.a1
    public e8.b a() {
        return this.f11971d;
    }

    @Override // io.netty.handler.ssl.a1
    public final boolean e() {
        return this.f11972e == 0;
    }

    @Override // io.netty.handler.ssl.a1
    public final SSLEngine h(u7.n nVar, String str, int i10) {
        return q(nVar, str, i10, true);
    }

    public final void n() {
        Lock writeLock = this.f11980m.writeLock();
        writeLock.lock();
        try {
            long j10 = this.f11969b;
            if (j10 != 0) {
                if (this.f11978k) {
                    SSLContext.disableOcsp(j10);
                }
                SSLContext.free(this.f11969b);
                this.f11969b = 0L;
                l0 s10 = s();
                if (s10 != null) {
                    g0 g0Var = s10.f11931a;
                    if (g0Var != null) {
                        g0Var.b();
                    }
                    s10.f11933c.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    public SSLEngine q(u7.n nVar, String str, int i10, boolean z10) {
        return new x0(this, nVar, str, i10, z10, true);
    }

    @Override // io.netty.util.y
    public final int refCnt() {
        return this.f11974g.refCnt();
    }

    @Override // io.netty.util.y
    public final boolean release() {
        return this.f11974g.release();
    }

    @Override // io.netty.util.y
    public final io.netty.util.y retain() {
        this.f11974g.retain();
        return this;
    }

    public abstract l0 s();

    @Override // io.netty.util.y
    public final io.netty.util.y touch(Object obj) {
        this.f11974g.touch(obj);
        return this;
    }
}
