package io.netty.c.c;

import io.netty.c.c.a;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSLContext;

/* compiled from: OpenSslContext.java */
/* loaded from: classes.dex */
public abstract class x extends ak {

    /* renamed from: a, reason: collision with root package name */
    protected static final int f13174a = 10;
    private static final List<String> g;
    private static final AtomicIntegerFieldUpdater<x> h;

    /* renamed from: b, reason: collision with root package name */
    protected final long f13178b;
    private final long i;
    private volatile int j;
    private volatile boolean k;
    private final List<String> l;
    private final long m;
    private final long n;
    private final aa o;
    private final v p;
    private final int q;

    /* renamed from: d, reason: collision with root package name */
    private static final io.netty.d.c.b.f f13176d = io.netty.d.c.b.g.a((Class<?>) x.class);

    /* renamed from: f, reason: collision with root package name */
    private static final boolean f13177f = io.netty.d.c.y.a("jdk.tls.rejectClientInitiatedRenegotiation", false);

    /* renamed from: c, reason: collision with root package name */
    static final v f13175c = new v() { // from class: io.netty.c.c.x.1
        @Override // io.netty.c.c.b
        public List<String> a() {
            return Collections.emptyList();
        }

        @Override // io.netty.c.c.v
        public a.EnumC0242a b() {
            return a.EnumC0242a.NONE;
        }

        @Override // io.netty.c.c.v
        public a.c c() {
            return a.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.c.c.v
        public a.b d() {
            return a.b.ACCEPT;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: OpenSslContext.java */
    /* loaded from: classes2.dex */
    public abstract class a implements CertificateVerifier {
        /* JADX INFO: Access modifiers changed from: package-private */
        public a() {
        }

        abstract void a(z zVar, X509Certificate[] x509CertificateArr, String str) throws Exception;

        public final boolean a(long j, byte[][] bArr, String str) {
            X509Certificate[] a2 = x.a(bArr);
            z a3 = x.this.o.a(j);
            try {
                a(a3, a2, str);
                return true;
            } catch (Throwable th) {
                x.f13176d.b("verification of certificate failed", th);
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("General OpenSslEngine problem");
                sSLHandshakeException.initCause(th);
                a3.f13191c = sSLHandshakeException;
                return false;
            }
        }
    }

    /* compiled from: OpenSslContext.java */
    /* loaded from: classes2.dex */
    private static final class b implements aa {

        /* renamed from: b, reason: collision with root package name */
        private final Map<Long, z> f13183b;

        private b() {
            this.f13183b = io.netty.d.c.s.m();
        }

        @Override // io.netty.c.c.aa
        public z a(long j) {
            return this.f13183b.remove(Long.valueOf(j));
        }

        @Override // io.netty.c.c.aa
        public void a(z zVar) {
            this.f13183b.put(Long.valueOf(zVar.b()), zVar);
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "RC4-SHA");
        g = Collections.unmodifiableList(arrayList);
        if (f13176d.c()) {
            f13176d.b("Default cipher suite (OpenSSL): " + arrayList);
        }
        AtomicIntegerFieldUpdater<x> b2 = io.netty.d.c.s.b((Class<?>) x.class, "j");
        if (b2 == null) {
            b2 = AtomicIntegerFieldUpdater.newUpdater(x.class, "j");
        }
        h = b2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public x(Iterable<String> iterable, e eVar, io.netty.c.c.a aVar, long j, long j2, int i) throws SSLException {
        this(iterable, eVar, a(aVar), j, j2, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public x(Iterable<String> iterable, e eVar, v vVar, long j, long j2, int i) throws SSLException {
        ArrayList arrayList;
        this.o = new b();
        u.e();
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.q = i;
        if (i == 1) {
            this.k = f13177f;
        }
        if (iterable != null) {
            ArrayList arrayList2 = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (true) {
                if (!it.hasNext()) {
                    arrayList = arrayList2;
                    break;
                }
                String next = it.next();
                if (next == null) {
                    arrayList = arrayList2;
                    break;
                }
                String a2 = d.a(next);
                if (a2 != null) {
                    next = a2;
                }
                arrayList2.add(next);
            }
        } else {
            arrayList = null;
        }
        this.l = Arrays.asList(((e) io.netty.d.c.p.a(eVar, "cipherFilter")).a(arrayList, g, u.g()));
        this.p = (v) io.netty.d.c.p.a(vVar, "apn");
        this.i = Pool.create(0L);
        try {
            synchronized (x.class) {
                try {
                    this.f13178b = SSLContext.make(this.i, 28, i);
                    SSLContext.setOptions(this.f13178b, 4095);
                    SSLContext.setOptions(this.f13178b, 16777216);
                    SSLContext.setOptions(this.f13178b, 33554432);
                    SSLContext.setOptions(this.f13178b, 4194304);
                    SSLContext.setOptions(this.f13178b, 524288);
                    SSLContext.setOptions(this.f13178b, 1048576);
                    SSLContext.setOptions(this.f13178b, 65536);
                    try {
                        SSLContext.setCipherSuite(this.f13178b, d.a(this.l));
                        List<String> a3 = vVar.a();
                        if (!a3.isEmpty()) {
                            String[] strArr = (String[]) a3.toArray(new String[a3.size()]);
                            int a4 = a(vVar.c());
                            switch (vVar.b()) {
                                case NPN:
                                    SSLContext.setNpnProtos(this.f13178b, strArr, a4);
                                    break;
                                case ALPN:
                                    SSLContext.setAlpnProtos(this.f13178b, strArr, a4);
                                    break;
                                case NPN_AND_ALPN:
                                    SSLContext.setNpnProtos(this.f13178b, strArr, a4);
                                    SSLContext.setAlpnProtos(this.f13178b, strArr, a4);
                                    break;
                                default:
                                    throw new Error();
                            }
                        }
                        if (j > 0) {
                            this.m = j;
                            SSLContext.setSessionCacheSize(this.f13178b, j);
                        } else {
                            long sessionCacheSize = SSLContext.setSessionCacheSize(this.f13178b, 20480L);
                            this.m = sessionCacheSize;
                            SSLContext.setSessionCacheSize(this.f13178b, sessionCacheSize);
                        }
                        if (j2 > 0) {
                            this.n = j2;
                            SSLContext.setSessionCacheTimeout(this.f13178b, j2);
                        } else {
                            long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.f13178b, 300L);
                            this.n = sessionCacheTimeout;
                            SSLContext.setSessionCacheTimeout(this.f13178b, sessionCacheTimeout);
                        }
                    } catch (SSLException e2) {
                        throw e2;
                    } catch (Exception e3) {
                        throw new SSLException("failed to set cipher suite: " + this.l, e3);
                    }
                } catch (Exception e4) {
                    throw new SSLException("failed to create an SSL_CTX", e4);
                }
            }
        } catch (Throwable th) {
            j();
            throw th;
        }
    }

    private static int a(a.c cVar) {
        switch (cVar) {
            case NO_ADVERTISE:
                return 0;
            case CHOOSE_MY_LAST_PROTOCOL:
                return 1;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static v a(io.netty.c.c.a aVar) {
        if (aVar == null) {
            return f13175c;
        }
        switch (aVar.b()) {
            case NPN:
            case ALPN:
            case NPN_AND_ALPN:
                switch (aVar.d()) {
                    case CHOOSE_MY_LAST_PROTOCOL:
                    case ACCEPT:
                        switch (aVar.c()) {
                            case NO_ADVERTISE:
                            case CHOOSE_MY_LAST_PROTOCOL:
                                return new y(aVar);
                            default:
                                throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.c() + " behavior");
                        }
                    default:
                        throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.d() + " behavior");
                }
            case NONE:
                return f13175c;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return io.netty.d.c.s.d() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    protected static X509Certificate[] a(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr[i] = new ag(bArr[i]);
        }
        return x509CertificateArr;
    }

    @Override // io.netty.c.c.ak
    public final SSLEngine a(io.netty.b.g gVar) {
        z zVar = new z(this.f13178b, gVar, a(), c(), this.p, this.o, this.k);
        this.o.a(zVar);
        return zVar;
    }

    @Override // io.netty.c.c.ak
    public final SSLEngine a(io.netty.b.g gVar, String str, int i) {
        throw new UnsupportedOperationException();
    }

    public void a(boolean z) {
        this.k = z;
    }

    @Deprecated
    public final void a(byte[] bArr) {
        c().b(bArr);
    }

    @Override // io.netty.c.c.ak
    public final boolean a() {
        return this.q == 0;
    }

    @Override // io.netty.c.c.ak
    /* renamed from: b */
    public abstract ae c();

    @Override // io.netty.c.c.ak
    public final List<String> d() {
        return this.l;
    }

    @Override // io.netty.c.c.ak
    public final long e() {
        return this.m;
    }

    @Override // io.netty.c.c.ak
    public final long f() {
        return this.n;
    }

    protected final void finalize() throws Throwable {
        super.finalize();
        synchronized (x.class) {
            if (this.f13178b != 0) {
                SSLContext.free(this.f13178b);
            }
        }
        j();
    }

    public final long g() {
        return this.f13178b;
    }

    @Override // io.netty.c.c.ak
    public io.netty.c.c.b h() {
        return this.p;
    }

    @Deprecated
    public final af i() {
        return c().b();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void j() {
        if (this.i == 0 || !h.compareAndSet(this, 0, 1)) {
            return;
        }
        Pool.destroy(this.i);
    }
}
