package io.netty.handler.ssl;

import androidx.recyclerview.widget.RecyclerView;
import bk.p;
import ej.e0;
import ej.f0;
import ej.h;
import ej.l;
import ej.v;
import ej.x;
import ej.z;
import io.netty.handler.codec.base64.Base64Dialect;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.internal.tcnative.SSLPrivateKeyMethod;
import io.netty.util.AbstractReferenceCounted;
import io.netty.util.ReferenceCounted;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.internal.PlatformDependent;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import oj.q;
import wj.g;
import wj.i;
import wj.j;
import yj.m;
import yj.o;

/* loaded from: classes2.dex */
public abstract class ReferenceCountedOpenSslContext extends f implements ReferenceCounted {
    public static final Integer h22;
    private volatile int bioNonApplicationBufferSize;
    public final int h10;
    public final o<ReferenceCountedOpenSslContext> h11;
    public final AbstractReferenceCounted h12;
    public final Certificate[] h13;
    public final ClientAuth h14;
    public final String[] h15;
    public final boolean h16;
    public final h h17;
    public final ReadWriteLock h18;

    /* renamed from: h5, reason: collision with root package name */
    public long f26342h5;

    /* renamed from: h6, reason: collision with root package name */
    public final List<String> f26343h6;

    /* renamed from: h7, reason: collision with root package name */
    public final long f26344h7;

    /* renamed from: h8, reason: collision with root package name */
    public final long f26345h8;

    /* renamed from: h9, reason: collision with root package name */
    public final io.netty.handler.ssl.d f26346h9;
    public static final ck.a h19 = ck.b.b(ReferenceCountedOpenSslContext.class);
    public static final int h20 = Math.max(1, p.e("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", RecyclerView.ItemAnimator.FLAG_MOVED));
    public static final boolean h21 = p.d("io.netty.handler.ssl.openssl.useTasks", false);
    public static final ResourceLeakDetector<ReferenceCountedOpenSslContext> h23 = m.b().c(ReferenceCountedOpenSslContext.class);
    public static final io.netty.handler.ssl.d h24 = new b();

    /* loaded from: classes2.dex */
    public class a extends AbstractReferenceCounted {

        /* renamed from: b, reason: collision with root package name */
        public static final /* synthetic */ boolean f26347b = true;

        public a() {
        }

        @Override // io.netty.util.AbstractReferenceCounted
        public void deallocate() {
            l lVar;
            ReferenceCountedOpenSslContext referenceCountedOpenSslContext = ReferenceCountedOpenSslContext.this;
            Lock writeLock = referenceCountedOpenSslContext.h18.writeLock();
            writeLock.lock();
            try {
                long j10 = referenceCountedOpenSslContext.f26342h5;
                if (j10 != 0) {
                    if (referenceCountedOpenSslContext.h16) {
                        SSLContext.disableOcsp(j10);
                    }
                    SSLContext.free(referenceCountedOpenSslContext.f26342h5);
                    referenceCountedOpenSslContext.f26342h5 = 0L;
                    i sessionContext = referenceCountedOpenSslContext.sessionContext();
                    if (sessionContext != null && (lVar = sessionContext.f33502b) != null) {
                        lVar.b();
                    }
                }
                writeLock.unlock();
                ReferenceCountedOpenSslContext referenceCountedOpenSslContext2 = ReferenceCountedOpenSslContext.this;
                o<ReferenceCountedOpenSslContext> oVar = referenceCountedOpenSslContext2.h11;
                if (oVar != null) {
                    boolean b10 = oVar.b(referenceCountedOpenSslContext2);
                    if (!f26347b && !b10) {
                        throw new AssertionError();
                    }
                }
            } catch (Throwable th2) {
                writeLock.unlock();
                throw th2;
            }
        }

        @Override // io.netty.util.ReferenceCounted
        public ReferenceCounted touch(Object obj) {
            o<ReferenceCountedOpenSslContext> oVar = ReferenceCountedOpenSslContext.this.h11;
            if (oVar != null) {
                oVar.c(obj);
            }
            return ReferenceCountedOpenSslContext.this;
        }
    }

    /* loaded from: classes2.dex */
    public static class b implements io.netty.handler.ssl.d {
        @Override // io.netty.handler.ssl.d
        public ApplicationProtocolConfig.SelectorFailureBehavior a() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // wj.a
        public List<String> b() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.d
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior f() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }

        @Override // io.netty.handler.ssl.d
        public ApplicationProtocolConfig.Protocol protocol() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }
    }

    /* loaded from: classes2.dex */
    public static abstract class c extends CertificateVerifier {

        /* renamed from: a, reason: collision with root package name */
        public final h f26349a;

        public c(h hVar) {
            this.f26349a = hVar;
        }
    }

    /* loaded from: classes2.dex */
    public static final class d implements h {

        /* renamed from: a, reason: collision with root package name */
        public final Map<Long, ReferenceCountedOpenSslEngine> f26350a;

        public d() {
            this.f26350a = PlatformDependent.R();
        }

        public /* synthetic */ d(a aVar) {
            this();
        }
    }

    /* loaded from: classes2.dex */
    public static final class e implements SSLPrivateKeyMethod {

        /* renamed from: a, reason: collision with root package name */
        public final h f26351a;

        public e(h hVar, g gVar) {
            this.f26351a = hVar;
        }
    }

    static {
        Integer num;
        String b10;
        try {
            b10 = p.b("jdk.tls.ephemeralDHKeySize");
        } catch (Throwable unused) {
        }
        if (b10 != null) {
            try {
                num = Integer.valueOf(b10);
            } catch (NumberFormatException unused2) {
                h19.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b10);
            }
            h22 = num;
        }
        num = null;
        h22 = num;
    }

    public ReferenceCountedOpenSslContext(Iterable<String> iterable, wj.b bVar, ApplicationProtocolConfig applicationProtocolConfig, long j10, long j11, int i10, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z10, boolean z11, boolean z12) throws SSLException {
        this(iterable, bVar, h2(applicationProtocolConfig), j10, j11, i10, certificateArr, clientAuth, strArr, z10, z11, z12);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public ReferenceCountedOpenSslContext(Iterable<String> iterable, wj.b bVar, io.netty.handler.ssl.d dVar, long j10, long j11, int i10, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z10, boolean z11, boolean z12) throws SSLException {
        super(z10);
        this.h12 = new a();
        this.h17 = new d(0 == true ? 1 : 0);
        this.h18 = new ReentrantReadWriteLock();
        this.bioNonApplicationBufferSize = h20;
        wj.d.b();
        if (z11 && !wj.d.l()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i10 != 1 && i10 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.h11 = z12 ? h23.f(this) : null;
        this.h10 = i10;
        this.h14 = isServer() ? (ClientAuth) bk.h.b(clientAuth, "clientAuth") : ClientAuth.NONE;
        this.h15 = strArr;
        this.h16 = z11;
        this.h13 = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        List<String> asList = Arrays.asList(((wj.b) bk.h.b(bVar, "cipherFilter")).a(iterable, wj.d.f33484c, wj.d.a()));
        this.f26343h6 = asList;
        this.f26346h9 = (io.netty.handler.ssl.d) bk.h.b(dVar, "apn");
        try {
            boolean g10 = wj.d.g();
            try {
                this.f26342h5 = SSLContext.make(g10 ? 62 : 30, i10);
                StringBuilder sb2 = new StringBuilder();
                StringBuilder sb3 = new StringBuilder();
                try {
                    try {
                        if (asList.isEmpty()) {
                            SSLContext.setCipherSuite(this.f26342h5, "", false);
                            if (g10) {
                                SSLContext.setCipherSuite(this.f26342h5, "", true);
                            }
                        } else {
                            f0.c(asList, sb2, sb3, wj.d.f());
                            SSLContext.setCipherSuite(this.f26342h5, sb2.toString(), false);
                            if (g10) {
                                SSLContext.setCipherSuite(this.f26342h5, sb3.toString(), true);
                            }
                        }
                        int options = SSLContext.getOptions(this.f26342h5) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET;
                        SSLContext.setOptions(this.f26342h5, sb2.length() == 0 ? options | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 | SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2 : options);
                        long j12 = this.f26342h5;
                        SSLContext.setMode(j12, SSLContext.getMode(j12) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                        Integer num = h22;
                        if (num != null) {
                            SSLContext.setTmpDHLength(this.f26342h5, num.intValue());
                        }
                        List<String> b10 = dVar.b();
                        if (!b10.isEmpty()) {
                            String[] strArr2 = (String[]) b10.toArray(new String[0]);
                            int h25 = h2(dVar.a());
                            int ordinal = dVar.protocol().ordinal();
                            if (ordinal == 1) {
                                SSLContext.setNpnProtos(this.f26342h5, strArr2, h25);
                            } else if (ordinal == 2) {
                                SSLContext.setAlpnProtos(this.f26342h5, strArr2, h25);
                            } else {
                                if (ordinal != 3) {
                                    throw new Error();
                                }
                                SSLContext.setNpnProtos(this.f26342h5, strArr2, h25);
                                SSLContext.setAlpnProtos(this.f26342h5, strArr2, h25);
                            }
                        }
                        long sessionCacheSize = j10 <= 0 ? SSLContext.setSessionCacheSize(this.f26342h5, 20480L) : j10;
                        this.f26344h7 = sessionCacheSize;
                        SSLContext.setSessionCacheSize(this.f26342h5, sessionCacheSize);
                        long sessionCacheTimeout = j11 <= 0 ? SSLContext.setSessionCacheTimeout(this.f26342h5, 300L) : j11;
                        this.f26345h8 = sessionCacheTimeout;
                        SSLContext.setSessionCacheTimeout(this.f26342h5, sessionCacheTimeout);
                        if (z11) {
                            SSLContext.enableOcsp(this.f26342h5, isClient());
                        }
                        SSLContext.setUseTasks(this.f26342h5, h21);
                    } catch (SSLException e10) {
                        throw e10;
                    }
                } catch (Exception e11) {
                    throw new SSLException("failed to set cipher suite: " + this.f26343h6, e11);
                }
            } catch (Exception e12) {
                throw new SSLException("failed to create an SSL_CTX", e12);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    public static int h2(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        int ordinal = selectorFailureBehavior.ordinal();
        if (ordinal == 1) {
            return 0;
        }
        if (ordinal == 2) {
            return 1;
        }
        throw new Error();
    }

    public static long h2(oj.d dVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int b12 = dVar.b1();
            if (SSL.bioWrite(newMemBIO, wj.d.c(dVar) + dVar.c1(), b12) == b12) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            dVar.release();
        }
    }

    public static long h2(oj.e eVar, x xVar) throws Exception {
        try {
            oj.d content = xVar.content();
            if (content.A0()) {
                return h2(content.i1());
            }
            oj.d directBuffer = eVar.directBuffer(content.b1());
            try {
                directBuffer.F1(content, content.c1(), content.b1());
                long h25 = h2(directBuffer.i1());
                try {
                    if (xVar.isSensitive()) {
                        ck.a aVar = e0.f24298a;
                        if (!directBuffer.B0()) {
                            directBuffer.t1(0, directBuffer.H());
                        }
                    }
                    return h25;
                } finally {
                }
            } catch (Throwable th2) {
                try {
                    if (xVar.isSensitive()) {
                        e0.i(directBuffer);
                    }
                    throw th2;
                } finally {
                }
            }
        } finally {
            xVar.release();
        }
    }

    public static long h2(oj.e eVar, PrivateKey privateKey) throws Exception {
        x xVar;
        if (privateKey == null) {
            return 0L;
        }
        byte[] bArr = PemPrivateKey.f26332h3;
        if (privateKey instanceof x) {
            xVar = ((x) privateKey).retain();
        } else {
            byte[] encoded = privateKey.getEncoded();
            if (encoded == null) {
                throw new IllegalArgumentException(privateKey.getClass().getName() + " does not support encoding");
            }
            oj.d c10 = q.c(encoded);
            try {
                ck.a aVar = e0.f24298a;
                oj.d e10 = uj.a.e(c10, c10.c1(), c10.b1(), true, Base64Dialect.STANDARD, eVar);
                c10.d1(c10.I1());
                try {
                    byte[] bArr2 = PemPrivateKey.f26332h3;
                    int length = bArr2.length + e10.b1();
                    byte[] bArr3 = PemPrivateKey.f26333h4;
                    oj.d directBuffer = eVar.directBuffer(length + bArr3.length);
                    try {
                        directBuffer.G1(bArr2);
                        directBuffer.E1(e10);
                        directBuffer.G1(bArr3);
                        z zVar = new z(directBuffer, true);
                        if (!e10.B0()) {
                            e10.t1(0, e10.H());
                        }
                        e10.release();
                        if (!c10.B0()) {
                            c10.t1(0, c10.H());
                        }
                        c10.release();
                        xVar = zVar;
                    } catch (Throwable th2) {
                        e0.o(directBuffer);
                        throw th2;
                    }
                } catch (Throwable th3) {
                    e0.o(e10);
                    throw th3;
                }
            } catch (Throwable th4) {
                e0.o(c10);
                throw th4;
            }
        }
        try {
            return h2(eVar, xVar.retain());
        } finally {
            xVar.release();
        }
    }

    public static long h2(oj.e eVar, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        x h25 = PemX509Certificate.h2(eVar, true, x509CertificateArr);
        try {
            return h2(eVar, h25.retain());
        } finally {
            h25.release();
        }
    }

    public static l h2(KeyManagerFactory keyManagerFactory, String str) {
        if (keyManagerFactory instanceof wj.l) {
            return ((wj.l) keyManagerFactory).f33506a.a();
        }
        if (!(keyManagerFactory instanceof wj.e)) {
            return new l(h2(keyManagerFactory.getKeyManagers()), str);
        }
        wj.e eVar = (wj.e) keyManagerFactory;
        X509KeyManager h25 = h2(eVar.getKeyManagers());
        return "sun.security.ssl.X509KeyManagerImpl".equals(h25.getClass().getName()) ? new l(h25, str) : new ej.g(h2(eVar.getKeyManagers()), str, eVar.f33496a);
    }

    public static io.netty.handler.ssl.d h2(ApplicationProtocolConfig applicationProtocolConfig) {
        int ordinal;
        if (applicationProtocolConfig != null && (ordinal = applicationProtocolConfig.a().ordinal()) != 0) {
            if (ordinal != 1 && ordinal != 2 && ordinal != 3) {
                throw new Error();
            }
            int ordinal2 = applicationProtocolConfig.b().ordinal();
            if (ordinal2 != 0 && ordinal2 != 2) {
                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " behavior");
            }
            int ordinal3 = applicationProtocolConfig.c().ordinal();
            if (ordinal3 == 1 || ordinal3 == 2) {
                return new io.netty.handler.ssl.e(applicationProtocolConfig);
            }
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
        }
        return h24;
    }

    public static X509KeyManager h2(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static X509TrustManager h2(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                if (PlatformDependent.P() < 7) {
                    return (X509TrustManager) trustManager;
                }
                return v.f24361b.a((X509TrustManager) trustManager);
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static void h2(long j10) {
        if (j10 != 0) {
            SSL.freeBIO(j10);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:30:0x00c0  */
    /* JADX WARN: Type inference failed for: r3v0 */
    /* JADX WARN: Type inference failed for: r3v21 */
    /* JADX WARN: Type inference failed for: r3v8 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void h2(long r18, java.security.cert.X509Certificate[] r20, java.security.PrivateKey r21, java.lang.String r22) throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 196
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.ReferenceCountedOpenSslContext.h2(long, java.security.cert.X509Certificate[], java.security.PrivateKey, java.lang.String):void");
    }

    @Override // io.netty.handler.ssl.f
    public wj.a applicationProtocolNegotiator() {
        return this.f26346h9;
    }

    @Override // io.netty.handler.ssl.f
    public final List<String> cipherSuites() {
        return this.f26343h6;
    }

    @Deprecated
    public final long context() {
        return sslCtxPointer();
    }

    public int getBioNonApplicationBufferSize() {
        return this.bioNonApplicationBufferSize;
    }

    @Deprecated
    public boolean getRejectRemoteInitiatedRenegotiation() {
        return true;
    }

    @Override // io.netty.handler.ssl.f
    public final SslHandler h2(oj.e eVar, String str, int i10, boolean z10) {
        return new SslHandler(h3(eVar, str, i10, false), z10);
    }

    @Override // io.netty.handler.ssl.f
    public SslHandler h2(oj.e eVar, String str, int i10, boolean z10, Executor executor) {
        return new SslHandler(h3(eVar, str, i10, false), executor);
    }

    @Override // io.netty.handler.ssl.f
    public final SslHandler h2(oj.e eVar, boolean z10) {
        return new SslHandler(h3(eVar, null, -1, false), z10);
    }

    @Override // io.netty.handler.ssl.f
    public SslHandler h2(oj.e eVar, boolean z10, Executor executor) {
        return new SslHandler(h3(eVar, null, -1, false), z10, executor);
    }

    public SSLEngine h3(oj.e eVar, String str, int i10, boolean z10) {
        return new ReferenceCountedOpenSslEngine(this, eVar, str, i10, z10, true);
    }

    @Override // io.netty.handler.ssl.f
    public final boolean isClient() {
        return this.h10 == 0;
    }

    @Override // io.netty.handler.ssl.f
    public final SSLEngine newEngine(oj.e eVar) {
        return newEngine(eVar, null, -1);
    }

    @Override // io.netty.handler.ssl.f
    public final SSLEngine newEngine(oj.e eVar, String str, int i10) {
        return h3(eVar, str, i10, true);
    }

    @Override // io.netty.util.ReferenceCounted
    public final int refCnt() {
        return this.h12.refCnt();
    }

    @Override // io.netty.util.ReferenceCounted
    public final boolean release() {
        return this.h12.release();
    }

    @Override // io.netty.util.ReferenceCounted
    public final boolean release(int i10) {
        return this.h12.release(i10);
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted retain() {
        this.h12.retain();
        return this;
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted retain(int i10) {
        this.h12.retain(i10);
        return this;
    }

    @Override // io.netty.handler.ssl.f
    public final long sessionCacheSize() {
        return this.f26344h7;
    }

    @Override // io.netty.handler.ssl.f
    public abstract i sessionContext();

    @Override // io.netty.handler.ssl.f
    public final long sessionTimeout() {
        return this.f26345h8;
    }

    public void setBioNonApplicationBufferSize(int i10) {
        this.bioNonApplicationBufferSize = bk.h.d(i10, "bioNonApplicationBufferSize");
    }

    public final void setPrivateKeyMethod(g gVar) {
        bk.h.b(gVar, "method");
        Lock writeLock = this.h18.writeLock();
        writeLock.lock();
        try {
            SSLContext.setPrivateKeyMethod(this.f26342h5, new e(this.h17, gVar));
        } finally {
            writeLock.unlock();
        }
    }

    @Deprecated
    public void setRejectRemoteInitiatedRenegotiation(boolean z10) {
        if (!z10) {
            throw new UnsupportedOperationException("Renegotiation is not supported");
        }
    }

    @Deprecated
    public final void setTicketKeys(byte[] bArr) {
        sessionContext().b(bArr);
    }

    public final void setUseTasks(boolean z10) {
        Lock writeLock = this.h18.writeLock();
        writeLock.lock();
        try {
            SSLContext.setUseTasks(this.f26342h5, z10);
        } finally {
            writeLock.unlock();
        }
    }

    @Deprecated
    public final long sslCtxPointer() {
        Lock readLock = this.h18.readLock();
        readLock.lock();
        try {
            return SSLContext.getSslCtx(this.f26342h5);
        } finally {
            readLock.unlock();
        }
    }

    @Deprecated
    public final j stats() {
        return sessionContext().d();
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted touch() {
        this.h12.touch();
        return this;
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted touch(Object obj) {
        this.h12.touch(obj);
        return this;
    }
}
