package defpackage;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSslCertificateException;
import io.netty.handler.ssl.PemPrivateKey;
import io.netty.handler.ssl.PemX509Certificate;
import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.util.ResourceLeakDetector;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
public abstract class eep extends eev implements ehp {
    private static final List<String> evU;
    private static final Integer exh;
    protected static final int exi = 10;
    private final eht<eep> eeT;
    final ClientAuth evY;
    final edz exc;
    protected long exj;
    private final List<String> exk;
    private final long exl;
    private final long exm;
    private final edu exn;
    private final egs exo;
    final Certificate[] exq;
    final boolean exr;
    final ReadWriteLock exs;
    private volatile boolean exu;
    private volatile int exv;
    private final int mode;
    final String[] protocols;
    private static final elt logger = elu.af(eep.class);
    private static final boolean exf = ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: eep.1
        @Override // java.security.PrivilegedAction
        /* renamed from: bmA, reason: merged with bridge method [inline-methods] */
        public Boolean run() {
            return Boolean.valueOf(ell.getBoolean("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    })).booleanValue();
    private static final int exg = ((Integer) AccessController.doPrivileged(new PrivilegedAction<Integer>() { // from class: eep.2
        @Override // java.security.PrivilegedAction
        /* renamed from: bno, reason: merged with bridge method [inline-methods] */
        public Integer run() {
            return Integer.valueOf(Math.max(1, ell.getInt("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048)));
        }
    })).intValue();
    private static final ResourceLeakDetector<eep> ebv = ehr.bqf().aa(eep.class);
    static final edu exw = new edu() { // from class: eep.4
        @Override // defpackage.edu
        public ApplicationProtocolConfig.Protocol blP() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }

        @Override // defpackage.edu
        public ApplicationProtocolConfig.SelectorFailureBehavior blQ() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // defpackage.edu
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior blR() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }

        @Override // defpackage.ecy
        public List<String> protocols() {
            return Collections.emptyList();
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public static abstract class a extends CertificateVerifier {
        private final edz exc;

        /* JADX INFO: Access modifiers changed from: package-private */
        public a(edz edzVar) {
            this.exc = edzVar;
        }

        public final int a(long j, byte[][] bArr, String str) {
            X509Certificate[] d = eep.d(bArr);
            eeq fk = this.exc.fk(j);
            try {
                a(fk, d, str);
                return CertificateVerifier.X509_V_OK;
            } catch (Throwable th) {
                eep.logger.debug("verification of certificate failed", th);
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("General OpenSslEngine problem");
                sSLHandshakeException.initCause(th);
                fk.eyf = sSLHandshakeException;
                if (th instanceof OpenSslCertificateException) {
                    return ((OpenSslCertificateException) th).errorCode();
                }
                if (th instanceof CertificateExpiredException) {
                    return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
                }
                if (th instanceof CertificateNotYetValidException) {
                    return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
                }
                if (elc.bsp() >= 7) {
                    if (th instanceof CertificateRevokedException) {
                        return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
                    }
                    for (Throwable cause = th.getCause(); cause != null; cause = cause.getCause()) {
                        if (cause instanceof CertPathValidatorException) {
                            CertPathValidatorException.Reason reason = ((CertPathValidatorException) cause).getReason();
                            if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
                                return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
                            }
                            if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
                                return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
                            }
                            if (reason == CertPathValidatorException.BasicReason.REVOKED) {
                                return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
                            }
                        }
                    }
                }
                return CertificateVerifier.X509_V_ERR_UNSPECIFIED;
            }
        }

        abstract void a(eeq eeqVar, X509Certificate[] x509CertificateArr, String str) throws Exception;
    }

    /* loaded from: classes5.dex */
    static final class b implements edz {
        private final Map<Long, eeq> exy;

        private b() {
            this.exy = elc.bsx();
        }

        @Override // defpackage.edz
        public void a(eeq eeqVar) {
            this.exy.put(Long.valueOf(eeqVar.bnr()), eeqVar);
        }

        @Override // defpackage.edz
        public eeq fj(long j) {
            return this.exy.remove(Long.valueOf(j));
        }

        @Override // defpackage.edz
        public eeq fk(long j) {
            return this.exy.get(Long.valueOf(j));
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        evU = Collections.unmodifiableList(arrayList);
        if (logger.isDebugEnabled()) {
            logger.debug("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: eep.5
                @Override // java.security.PrivilegedAction
                /* renamed from: bnp, reason: merged with bridge method [inline-methods] */
                public String run() {
                    return ell.get("jdk.tls.ephemeralDHKeySize");
                }
            });
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    logger.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        exh = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public eep(Iterable<String> iterable, edb edbVar, edu eduVar, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        super(z);
        String next;
        this.exo = new egs() { // from class: eep.3
            static final /* synthetic */ boolean $assertionsDisabled = false;

            @Override // defpackage.egs
            protected void deallocate() {
                eep.this.destroy();
                if (eep.this.eeT != null) {
                    eep.this.eeT.cQ(eep.this);
                }
            }

            @Override // defpackage.ehp
            public ehp touch(Object obj) {
                if (eep.this.eeT != null) {
                    eep.this.eeT.cM(obj);
                }
                return eep.this;
            }
        };
        ArrayList arrayList = null;
        this.exc = new b();
        this.exs = new ReentrantReadWriteLock();
        this.exv = exg;
        edt.bmr();
        if (z2 && !edt.bmp()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.eeT = z3 ? ebv.cO(this) : null;
        this.mode = i;
        this.evY = bnH() ? (ClientAuth) ela.checkNotNull(clientAuth, "clientAuth") : ClientAuth.NONE;
        this.protocols = strArr;
        this.exr = z2;
        if (i == 1) {
            this.exu = exf;
        }
        this.exq = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String oU = eda.oU(next);
                if (oU != null) {
                    next = oU;
                }
                arrayList.add(next);
            }
        }
        this.exk = Arrays.asList(((edb) ela.checkNotNull(edbVar, "cipherFilter")).a(arrayList, evU, edt.bmt()));
        this.exn = (edu) ela.checkNotNull(eduVar, "apn");
        try {
            try {
                this.exj = SSLContext.make(31, i);
                SSLContext.setOptions(this.exj, SSLContext.getOptions(this.exj) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET);
                SSLContext.setMode(this.exj, SSLContext.getMode(this.exj) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                if (exh != null) {
                    SSLContext.setTmpDHLength(this.exj, exh.intValue());
                }
                try {
                    try {
                        SSLContext.setCipherSuite(this.exj, eda.d(this.exk));
                        List<String> protocols = eduVar.protocols();
                        if (!protocols.isEmpty()) {
                            String[] strArr2 = (String[]) protocols.toArray(new String[protocols.size()]);
                            int a2 = a(eduVar.blQ());
                            switch (eduVar.blP()) {
                                case NPN:
                                    SSLContext.setNpnProtos(this.exj, strArr2, a2);
                                    break;
                                case ALPN:
                                    SSLContext.setAlpnProtos(this.exj, strArr2, a2);
                                    break;
                                case NPN_AND_ALPN:
                                    SSLContext.setNpnProtos(this.exj, strArr2, a2);
                                    SSLContext.setAlpnProtos(this.exj, strArr2, a2);
                                    break;
                                default:
                                    throw new Error();
                            }
                        }
                        if (j > 0) {
                            this.exl = j;
                            SSLContext.setSessionCacheSize(this.exj, j);
                        } else {
                            long sessionCacheSize = SSLContext.setSessionCacheSize(this.exj, 20480L);
                            this.exl = sessionCacheSize;
                            SSLContext.setSessionCacheSize(this.exj, sessionCacheSize);
                        }
                        if (j2 > 0) {
                            this.exm = j2;
                            SSLContext.setSessionCacheTimeout(this.exj, j2);
                        } else {
                            long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.exj, 300L);
                            this.exm = sessionCacheTimeout;
                            SSLContext.setSessionCacheTimeout(this.exj, sessionCacheTimeout);
                        }
                        if (z2) {
                            SSLContext.enableOcsp(this.exj, blV());
                        }
                    } catch (Exception e) {
                        throw new SSLException("failed to set cipher suite: " + this.exk, e);
                    }
                } catch (SSLException e2) {
                    throw e2;
                }
            } catch (Exception e3) {
                throw new SSLException("failed to create an SSL_CTX", e3);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public eep(Iterable<String> iterable, edb edbVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        this(iterable, edbVar, a(applicationProtocolConfig), j, j2, i, certificateArr, clientAuth, strArr, z, z2, z3);
    }

    private static int a(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        switch (selectorFailureBehavior) {
            case NO_ADVERTISE:
                return 0;
            case CHOOSE_MY_LAST_PROTOCOL:
                return 1;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(dqs dqsVar, eel eelVar) throws Exception {
        try {
            dqr content = eelVar.content();
            if (content.isDirect()) {
                return aa(content.bbx());
            }
            dqr ot = dqsVar.ot(content.readableBytes());
            try {
                ot.b(content, content.baY(), content.readableBytes());
                long aa = aa(ot.bbx());
                try {
                    if (eelVar.isSensitive()) {
                        eez.ac(ot);
                    }
                    return aa;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (eelVar.isSensitive()) {
                        eez.ac(ot);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            eelVar.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        dqs dqsVar = dqs.ebR;
        eel pem = PemPrivateKey.toPEM(dqsVar, true, privateKey);
        try {
            return a(dqsVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        dqs dqsVar = dqs.ebR;
        eel pem = PemX509Certificate.toPEM(dqsVar, true, x509CertificateArr);
        try {
            return a(dqsVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static edu a(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return exw;
        }
        switch (applicationProtocolConfig.blP()) {
            case NPN:
            case ALPN:
            case NPN_AND_ALPN:
                switch (applicationProtocolConfig.blR()) {
                    case CHOOSE_MY_LAST_PROTOCOL:
                    case ACCEPT:
                        switch (applicationProtocolConfig.blQ()) {
                            case NO_ADVERTISE:
                            case CHOOSE_MY_LAST_PROTOCOL:
                                return new edx(applicationProtocolConfig);
                            default:
                                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.blQ() + " behavior");
                        }
                    default:
                        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.blR() + " behavior");
                }
            case NONE:
                return exw;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j2;
        long j3;
        long j4 = 0;
        eel eelVar = null;
        try {
            try {
                eelVar = PemX509Certificate.toPEM(dqs.ebR, true, x509CertificateArr);
                j3 = a(dqs.ebR, eelVar.retain());
                try {
                    long a2 = a(dqs.ebR, eelVar.retain());
                    if (privateKey != null) {
                        try {
                            j4 = a(privateKey);
                        } catch (SSLException e) {
                            throw e;
                        } catch (Exception e2) {
                            e = e2;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j2 = a2;
                            fl(j4);
                            fl(j3);
                            fl(j2);
                            if (eelVar != null) {
                                eelVar.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, j3, j4, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j, a2, true);
                        fl(j4);
                        fl(j3);
                        fl(a2);
                        if (eelVar != null) {
                            eelVar.release();
                        }
                    } catch (SSLException e3) {
                    } catch (Exception e4) {
                        e = e4;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e5) {
                } catch (Exception e6) {
                    e = e6;
                } catch (Throwable th2) {
                    th = th2;
                    j2 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e7) {
            throw e7;
        } catch (Exception e8) {
            e = e8;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509KeyManager x509KeyManager) {
        return elc.bsp() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return elc.bsp() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    private static long aa(dqr dqrVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int readableBytes = dqrVar.readableBytes();
            if (SSL.bioWrite(newMemBIO, edt.Y(dqrVar) + dqrVar.baY(), readableBytes) == readableBytes) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            dqrVar.release();
        }
    }

    protected static X509Certificate[] d(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr[i] = new eej(bArr[i]);
        }
        return x509CertificateArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void destroy() {
        Lock writeLock = this.exs.writeLock();
        writeLock.lock();
        try {
            if (this.exj != 0) {
                if (this.exr) {
                    SSLContext.disableOcsp(this.exj);
                }
                SSLContext.free(this.exj);
                this.exj = 0L;
            }
        } finally {
            writeLock.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void fl(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    @Deprecated
    public final void P(byte[] bArr) {
        blZ().P(bArr);
    }

    @Override // defpackage.eev
    public final SSLEngine a(dqs dqsVar, String str, int i) {
        return b(dqsVar, str, i);
    }

    SSLEngine b(dqs dqsVar, String str, int i) {
        return new eeq(this, dqsVar, str, i, true);
    }

    @Override // defpackage.eev
    public final boolean blV() {
        return this.mode == 0;
    }

    @Override // defpackage.eev
    public final long blW() {
        return this.exl;
    }

    @Override // defpackage.eev
    public final long blX() {
        return this.exm;
    }

    @Override // defpackage.eev
    public ecy blY() {
        return this.exn;
    }

    @Override // defpackage.eev
    /* renamed from: bmB */
    public abstract eeg blZ();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract eec bmC();

    @Deprecated
    public final eeh bmG() {
        return blZ().bmG();
    }

    @Deprecated
    public final long bnk() {
        Lock readLock = this.exs.readLock();
        readLock.lock();
        try {
            return this.exj;
        } finally {
            readLock.unlock();
        }
    }

    public boolean bnl() {
        return this.exu;
    }

    public int bnm() {
        return this.exv;
    }

    @Deprecated
    public final long bnn() {
        Lock readLock = this.exs.readLock();
        readLock.lock();
        try {
            return this.exj;
        } finally {
            readLock.unlock();
        }
    }

    @Override // defpackage.eev
    public final List<String> cipherSuites() {
        return this.exk;
    }

    @Override // defpackage.eev
    public final SSLEngine h(dqs dqsVar) {
        return a(dqsVar, (String) null, -1);
    }

    public void jc(boolean z) {
        this.exu = z;
    }

    public void rX(int i) {
        this.exv = ela.B(i, "bioNonApplicationBufferSize");
    }

    @Override // defpackage.ehp
    public final int refCnt() {
        return this.exo.refCnt();
    }

    @Override // defpackage.ehp
    public final boolean release() {
        return this.exo.release();
    }

    @Override // defpackage.ehp
    public final boolean release(int i) {
        return this.exo.release(i);
    }

    @Override // defpackage.ehp
    public final ehp retain() {
        this.exo.retain();
        return this;
    }

    @Override // defpackage.ehp
    public final ehp retain(int i) {
        this.exo.retain(i);
        return this;
    }

    @Override // defpackage.ehp
    public final ehp touch() {
        this.exo.touch();
        return this;
    }

    @Override // defpackage.ehp
    public final ehp touch(Object obj) {
        this.exo.touch(obj);
        return this;
    }
}
