package defpackage;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSslCertificateException;
import io.netty.handler.ssl.PemPrivateKey;
import io.netty.handler.ssl.PemX509Certificate;
import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.util.ResourceLeakDetector;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
public abstract class efy extends ege implements eiy {
    private static final List<String> ewD;
    private static final Integer exU;
    protected static final int exV = 10;
    private final ejc<efy> efC;
    final String[] ewF;
    final ClientAuth ewI;
    final efi exP;
    protected long exW;
    private final List<String> exX;
    private final long exY;
    private final long exZ;
    private final efd eya;
    private final eib eyb;
    final Certificate[] eyc;
    final boolean eyd;
    final ReadWriteLock eye;
    private volatile boolean eyf;
    private volatile int eyg;
    private final int mode;
    private static final enc logger = end.af(efy.class);
    private static final boolean exS = ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: efy.1
        @Override // java.security.PrivilegedAction
        /* renamed from: bmw, reason: merged with bridge method [inline-methods] */
        public Boolean run() {
            return Boolean.valueOf(emu.getBoolean("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    })).booleanValue();
    private static final int exT = ((Integer) AccessController.doPrivileged(new PrivilegedAction<Integer>() { // from class: efy.2
        @Override // java.security.PrivilegedAction
        /* renamed from: bnk, reason: merged with bridge method [inline-methods] */
        public Integer run() {
            return Integer.valueOf(Math.max(1, emu.getInt("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048)));
        }
    })).intValue();
    private static final ResourceLeakDetector<efy> ece = eja.bqb().aa(efy.class);
    static final efd eyh = new efd() { // from class: efy.4
        @Override // defpackage.efd
        public ApplicationProtocolConfig.Protocol blL() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }

        @Override // defpackage.efd
        public ApplicationProtocolConfig.SelectorFailureBehavior blM() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // defpackage.efd
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior blN() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }

        @Override // defpackage.eeh
        public List<String> protocols() {
            return Collections.emptyList();
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public static abstract class a extends CertificateVerifier {
        private final efi exP;

        /* JADX INFO: Access modifiers changed from: package-private */
        public a(efi efiVar) {
            this.exP = efiVar;
        }

        public final int a(long j, byte[][] bArr, String str) {
            X509Certificate[] d = efy.d(bArr);
            efz fm = this.exP.fm(j);
            try {
                a(fm, d, str);
                return CertificateVerifier.X509_V_OK;
            } catch (Throwable th) {
                efy.logger.debug("verification of certificate failed", th);
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("General OpenSslEngine problem");
                sSLHandshakeException.initCause(th);
                fm.eyQ = sSLHandshakeException;
                if (th instanceof OpenSslCertificateException) {
                    return ((OpenSslCertificateException) th).errorCode();
                }
                if (th instanceof CertificateExpiredException) {
                    return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
                }
                if (th instanceof CertificateNotYetValidException) {
                    return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
                }
                if (eml.bsl() >= 7) {
                    if (th instanceof CertificateRevokedException) {
                        return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
                    }
                    for (Throwable cause = th.getCause(); cause != null; cause = cause.getCause()) {
                        if (cause instanceof CertPathValidatorException) {
                            CertPathValidatorException.Reason reason = ((CertPathValidatorException) cause).getReason();
                            if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
                                return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
                            }
                            if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
                                return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
                            }
                            if (reason == CertPathValidatorException.BasicReason.REVOKED) {
                                return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
                            }
                        }
                    }
                }
                return CertificateVerifier.X509_V_ERR_UNSPECIFIED;
            }
        }

        abstract void a(efz efzVar, X509Certificate[] x509CertificateArr, String str) throws Exception;
    }

    /* loaded from: classes5.dex */
    static final class b implements efi {
        private final Map<Long, efz> eyj;

        private b() {
            this.eyj = eml.bst();
        }

        @Override // defpackage.efi
        public void a(efz efzVar) {
            this.eyj.put(Long.valueOf(efzVar.bnn()), efzVar);
        }

        @Override // defpackage.efi
        public efz fl(long j) {
            return this.eyj.remove(Long.valueOf(j));
        }

        @Override // defpackage.efi
        public efz fm(long j) {
            return this.eyj.get(Long.valueOf(j));
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        ewD = Collections.unmodifiableList(arrayList);
        if (logger.isDebugEnabled()) {
            logger.debug("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: efy.5
                @Override // java.security.PrivilegedAction
                /* renamed from: bnl, reason: merged with bridge method [inline-methods] */
                public String run() {
                    return emu.get("jdk.tls.ephemeralDHKeySize");
                }
            });
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    logger.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        exU = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public efy(Iterable<String> iterable, eek eekVar, efd efdVar, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        super(z);
        String next;
        this.eyb = new eib() { // from class: efy.3
            static final /* synthetic */ boolean $assertionsDisabled = false;

            @Override // defpackage.eib
            protected void deallocate() {
                efy.this.destroy();
                if (efy.this.efC != null) {
                    efy.this.efC.cQ(efy.this);
                }
            }

            @Override // defpackage.eiy
            public eiy touch(Object obj) {
                if (efy.this.efC != null) {
                    efy.this.efC.cM(obj);
                }
                return efy.this;
            }
        };
        ArrayList arrayList = null;
        this.exP = new b();
        this.eye = new ReentrantReadWriteLock();
        this.eyg = exT;
        efc.bmn();
        if (z2 && !efc.bml()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.efC = z3 ? ece.cO(this) : null;
        this.mode = i;
        this.ewI = bnD() ? (ClientAuth) emj.checkNotNull(clientAuth, "clientAuth") : ClientAuth.NONE;
        this.ewF = strArr;
        this.eyd = z2;
        if (i == 1) {
            this.eyf = exS;
        }
        this.eyc = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String pf = eej.pf(next);
                if (pf != null) {
                    next = pf;
                }
                arrayList.add(next);
            }
        }
        this.exX = Arrays.asList(((eek) emj.checkNotNull(eekVar, "cipherFilter")).a(arrayList, ewD, efc.bmp()));
        this.eya = (efd) emj.checkNotNull(efdVar, "apn");
        try {
            try {
                this.exW = SSLContext.make(31, i);
                SSLContext.setOptions(this.exW, SSLContext.getOptions(this.exW) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET);
                SSLContext.setMode(this.exW, SSLContext.getMode(this.exW) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                if (exU != null) {
                    SSLContext.setTmpDHLength(this.exW, exU.intValue());
                }
                try {
                    try {
                        SSLContext.setCipherSuite(this.exW, eej.d(this.exX));
                        List<String> protocols = efdVar.protocols();
                        if (!protocols.isEmpty()) {
                            String[] strArr2 = (String[]) protocols.toArray(new String[protocols.size()]);
                            int a2 = a(efdVar.blM());
                            switch (efdVar.blL()) {
                                case NPN:
                                    SSLContext.setNpnProtos(this.exW, strArr2, a2);
                                    break;
                                case ALPN:
                                    SSLContext.setAlpnProtos(this.exW, strArr2, a2);
                                    break;
                                case NPN_AND_ALPN:
                                    SSLContext.setNpnProtos(this.exW, strArr2, a2);
                                    SSLContext.setAlpnProtos(this.exW, strArr2, a2);
                                    break;
                                default:
                                    throw new Error();
                            }
                        }
                        if (j > 0) {
                            this.exY = j;
                            SSLContext.setSessionCacheSize(this.exW, j);
                        } else {
                            long sessionCacheSize = SSLContext.setSessionCacheSize(this.exW, 20480L);
                            this.exY = sessionCacheSize;
                            SSLContext.setSessionCacheSize(this.exW, sessionCacheSize);
                        }
                        if (j2 > 0) {
                            this.exZ = j2;
                            SSLContext.setSessionCacheTimeout(this.exW, j2);
                        } else {
                            long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.exW, 300L);
                            this.exZ = sessionCacheTimeout;
                            SSLContext.setSessionCacheTimeout(this.exW, sessionCacheTimeout);
                        }
                        if (z2) {
                            SSLContext.enableOcsp(this.exW, blR());
                        }
                    } catch (Exception e) {
                        throw new SSLException("failed to set cipher suite: " + this.exX, e);
                    }
                } catch (SSLException e2) {
                    throw e2;
                }
            } catch (Exception e3) {
                throw new SSLException("failed to create an SSL_CTX", e3);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public efy(Iterable<String> iterable, eek eekVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        this(iterable, eekVar, a(applicationProtocolConfig), j, j2, i, certificateArr, clientAuth, strArr, z, z2, z3);
    }

    private static int a(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        switch (selectorFailureBehavior) {
            case NO_ADVERTISE:
                return 0;
            case CHOOSE_MY_LAST_PROTOCOL:
                return 1;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(dsb dsbVar, efu efuVar) throws Exception {
        try {
            dsa content = efuVar.content();
            if (content.isDirect()) {
                return aa(content.bbt());
            }
            dsa om = dsbVar.om(content.readableBytes());
            try {
                om.b(content, content.baU(), content.readableBytes());
                long aa = aa(om.bbt());
                try {
                    if (efuVar.isSensitive()) {
                        egi.ac(om);
                    }
                    return aa;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (efuVar.isSensitive()) {
                        egi.ac(om);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            efuVar.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        dsb dsbVar = dsb.ecA;
        efu pem = PemPrivateKey.toPEM(dsbVar, true, privateKey);
        try {
            return a(dsbVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        dsb dsbVar = dsb.ecA;
        efu pem = PemX509Certificate.toPEM(dsbVar, true, x509CertificateArr);
        try {
            return a(dsbVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static efd a(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return eyh;
        }
        switch (applicationProtocolConfig.blL()) {
            case NPN:
            case ALPN:
            case NPN_AND_ALPN:
                switch (applicationProtocolConfig.blN()) {
                    case CHOOSE_MY_LAST_PROTOCOL:
                    case ACCEPT:
                        switch (applicationProtocolConfig.blM()) {
                            case NO_ADVERTISE:
                            case CHOOSE_MY_LAST_PROTOCOL:
                                return new efg(applicationProtocolConfig);
                            default:
                                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.blM() + " behavior");
                        }
                    default:
                        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.blN() + " behavior");
                }
            case NONE:
                return eyh;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j2;
        long j3;
        long j4 = 0;
        efu efuVar = null;
        try {
            try {
                efuVar = PemX509Certificate.toPEM(dsb.ecA, true, x509CertificateArr);
                j3 = a(dsb.ecA, efuVar.retain());
                try {
                    long a2 = a(dsb.ecA, efuVar.retain());
                    if (privateKey != null) {
                        try {
                            j4 = a(privateKey);
                        } catch (SSLException e) {
                            throw e;
                        } catch (Exception e2) {
                            e = e2;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j2 = a2;
                            fn(j4);
                            fn(j3);
                            fn(j2);
                            if (efuVar != null) {
                                efuVar.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, j3, j4, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j, a2, true);
                        fn(j4);
                        fn(j3);
                        fn(a2);
                        if (efuVar != null) {
                            efuVar.release();
                        }
                    } catch (SSLException e3) {
                    } catch (Exception e4) {
                        e = e4;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e5) {
                } catch (Exception e6) {
                    e = e6;
                } catch (Throwable th2) {
                    th = th2;
                    j2 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e7) {
            throw e7;
        } catch (Exception e8) {
            e = e8;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509KeyManager x509KeyManager) {
        return eml.bsl() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return eml.bsl() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    private static long aa(dsa dsaVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int readableBytes = dsaVar.readableBytes();
            if (SSL.bioWrite(newMemBIO, efc.Y(dsaVar) + dsaVar.baU(), readableBytes) == readableBytes) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            dsaVar.release();
        }
    }

    protected static X509Certificate[] d(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr[i] = new efs(bArr[i]);
        }
        return x509CertificateArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void destroy() {
        Lock writeLock = this.eye.writeLock();
        writeLock.lock();
        try {
            if (this.exW != 0) {
                if (this.eyd) {
                    SSLContext.disableOcsp(this.exW);
                }
                SSLContext.free(this.exW);
                this.exW = 0L;
            }
        } finally {
            writeLock.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void fn(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    @Deprecated
    public final void R(byte[] bArr) {
        blV().R(bArr);
    }

    @Override // defpackage.ege
    public final SSLEngine a(dsb dsbVar, String str, int i) {
        return b(dsbVar, str, i);
    }

    SSLEngine b(dsb dsbVar, String str, int i) {
        return new efz(this, dsbVar, str, i, true);
    }

    @Override // defpackage.ege
    public final boolean blR() {
        return this.mode == 0;
    }

    @Override // defpackage.ege
    public final long blS() {
        return this.exY;
    }

    @Override // defpackage.ege
    public final long blT() {
        return this.exZ;
    }

    @Override // defpackage.ege
    public eeh blU() {
        return this.eya;
    }

    @Deprecated
    public final efq bmC() {
        return blV().bmC();
    }

    @Override // defpackage.ege
    /* renamed from: bmx */
    public abstract efp blV();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract efl bmy();

    @Deprecated
    public final long bng() {
        Lock readLock = this.eye.readLock();
        readLock.lock();
        try {
            return this.exW;
        } finally {
            readLock.unlock();
        }
    }

    public boolean bnh() {
        return this.eyf;
    }

    public int bni() {
        return this.eyg;
    }

    @Deprecated
    public final long bnj() {
        Lock readLock = this.eye.readLock();
        readLock.lock();
        try {
            return this.exW;
        } finally {
            readLock.unlock();
        }
    }

    @Override // defpackage.ege
    public final List<String> cipherSuites() {
        return this.exX;
    }

    @Override // defpackage.ege
    public final SSLEngine h(dsb dsbVar) {
        return a(dsbVar, (String) null, -1);
    }

    public void ja(boolean z) {
        this.eyf = z;
    }

    public void rQ(int i) {
        this.eyg = emj.A(i, "bioNonApplicationBufferSize");
    }

    @Override // defpackage.eiy
    public final int refCnt() {
        return this.eyb.refCnt();
    }

    @Override // defpackage.eiy
    public final boolean release() {
        return this.eyb.release();
    }

    @Override // defpackage.eiy
    public final boolean release(int i) {
        return this.eyb.release(i);
    }

    @Override // defpackage.eiy
    public final eiy retain() {
        this.eyb.retain();
        return this;
    }

    @Override // defpackage.eiy
    public final eiy retain(int i) {
        this.eyb.retain(i);
        return this;
    }

    @Override // defpackage.eiy
    public final eiy touch() {
        this.eyb.touch();
        return this;
    }

    @Override // defpackage.eiy
    public final eiy touch(Object obj) {
        this.eyb.touch(obj);
        return this;
    }
}
