package g.a.d.b;

import g.a.d.b.a;
import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
public abstract class f1 extends l1 implements g.a.f.s {
    private static final Integer DH_KEY_LENGTH;
    private final d0 apn;
    private volatile int bioNonApplicationBufferSize;
    final f clientAuth;
    protected long ctx;
    final ReadWriteLock ctxLock;
    final boolean enableOcsp;
    final k0 engineMap;
    final Certificate[] keyCertChain;
    private final g.a.f.w<f1> leak;
    private final int mode;
    final String[] protocols;
    private final g.a.f.b refCnt;
    private final long sessionCacheSize;
    private final long sessionTimeout;
    private final List<String> unmodifiableCiphers;
    private static final g.a.f.a0.g0.c logger = g.a.f.a0.g0.d.getInstance((Class<?>) f1.class);
    private static final int DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE = Math.max(1, g.a.f.a0.a0.getInt("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));
    static final boolean USE_TASKS = g.a.f.a0.a0.getBoolean("io.netty.handler.ssl.openssl.useTasks", false);
    private static final g.a.f.t<f1> leakDetector = g.a.f.u.instance().newResourceLeakDetector(f1.class);
    static final d0 NONE_PROTOCOL_NEGOTIATOR = new b();

    /* loaded from: classes3.dex */
    class a extends g.a.f.b {
        a() {
        }

        @Override // g.a.f.b
        protected void deallocate() {
            f1.this.destroy();
            if (f1.this.leak != null) {
                f1.this.leak.close(f1.this);
            }
        }

        @Override // g.a.f.s
        public g.a.f.s touch(Object obj) {
            if (f1.this.leak != null) {
                f1.this.leak.record(obj);
            }
            return f1.this;
        }
    }

    /* loaded from: classes3.dex */
    static class b implements d0 {
        b() {
        }

        @Override // g.a.d.b.d0
        public a.EnumC0715a protocol() {
            return a.EnumC0715a.NONE;
        }

        @Override // g.a.d.b.b
        public List<String> protocols() {
            return Collections.emptyList();
        }

        @Override // g.a.d.b.d0
        public a.b selectedListenerFailureBehavior() {
            return a.b.ACCEPT;
        }

        @Override // g.a.d.b.d0
        public a.c selectorFailureBehavior() {
            return a.c.CHOOSE_MY_LAST_PROTOCOL;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class c {
        static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol;
        static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior;
        static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior;

        static {
            int[] iArr = new int[a.b.values().length];
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior = iArr;
            try {
                iArr[a.b.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior[a.b.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[a.c.values().length];
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior = iArr2;
            try {
                iArr2[a.c.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[a.c.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[a.EnumC0715a.values().length];
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol = iArr3;
            try {
                iArr3[a.EnumC0715a.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[a.EnumC0715a.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[a.EnumC0715a.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[a.EnumC0715a.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes3.dex */
    static abstract class d extends CertificateVerifier {
        private final k0 engineMap;

        /* JADX INFO: Access modifiers changed from: package-private */
        public d(k0 k0Var) {
            this.engineMap = k0Var;
        }
    }

    /* loaded from: classes3.dex */
    private static final class e implements k0 {
        private final Map<Long, g1> engines;

        private e() {
            this.engines = g.a.f.a0.q.newConcurrentHashMap();
        }

        /* synthetic */ e(a aVar) {
            this();
        }

        @Override // g.a.d.b.k0
        public void add(g1 g1Var) {
            this.engines.put(Long.valueOf(g1Var.sslPointer()), g1Var);
        }

        @Override // g.a.d.b.k0
        public g1 remove(long j2) {
            return this.engines.remove(Long.valueOf(j2));
        }
    }

    static {
        Integer num = null;
        try {
            String str = g.a.f.a0.a0.get("jdk.tls.ephemeralDHKeySize");
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    logger.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        DH_KEY_LENGTH = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public f1(Iterable<String> iterable, g.a.d.b.e eVar, g.a.d.b.a aVar, long j2, long j3, int i2, Certificate[] certificateArr, f fVar, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        this(iterable, eVar, toNegotiator(aVar), j2, j3, i2, certificateArr, fVar, strArr, z, z2, z3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public f1(Iterable<String> iterable, g.a.d.b.e eVar, d0 d0Var, long j2, long j3, int i2, Certificate[] certificateArr, f fVar, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        super(z);
        this.refCnt = new a();
        this.engineMap = new e(0 == true ? 1 : 0);
        this.ctxLock = new ReentrantReadWriteLock();
        this.bioNonApplicationBufferSize = DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE;
        c0.ensureAvailability();
        if (z2 && !c0.isOcspSupported()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i2 != 1 && i2 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.leak = z3 ? leakDetector.track(this) : null;
        this.mode = i2;
        this.clientAuth = isServer() ? (f) g.a.f.a0.o.checkNotNull(fVar, "clientAuth") : f.NONE;
        this.protocols = strArr;
        this.enableOcsp = z2;
        this.keyCertChain = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        List<String> asList = Arrays.asList(((g.a.d.b.e) g.a.f.a0.o.checkNotNull(eVar, "cipherFilter")).filterCipherSuites(iterable, c0.DEFAULT_CIPHERS, c0.availableJavaCipherSuites()));
        this.unmodifiableCiphers = asList;
        this.apn = (d0) g.a.f.a0.o.checkNotNull(d0Var, "apn");
        try {
            boolean isTlsv13Supported = c0.isTlsv13Supported();
            try {
                this.ctx = SSLContext.make(isTlsv13Supported ? 62 : 30, i2);
                StringBuilder sb = new StringBuilder();
                StringBuilder sb2 = new StringBuilder();
                try {
                    if (asList.isEmpty()) {
                        SSLContext.setCipherSuite(this.ctx, "", false);
                        if (isTlsv13Supported) {
                            SSLContext.setCipherSuite(this.ctx, "", true);
                        }
                    } else {
                        g.a.d.b.d.convertToCipherStrings(asList, sb, sb2, c0.isBoringSSL());
                        SSLContext.setCipherSuite(this.ctx, sb.toString(), false);
                        if (isTlsv13Supported) {
                            SSLContext.setCipherSuite(this.ctx, sb2.toString(), true);
                        }
                    }
                    int options = SSLContext.getOptions(this.ctx) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET;
                    SSLContext.setOptions(this.ctx, sb.length() == 0 ? options | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 | SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2 : options);
                    long j4 = this.ctx;
                    SSLContext.setMode(j4, SSLContext.getMode(j4) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                    Integer num = DH_KEY_LENGTH;
                    if (num != null) {
                        SSLContext.setTmpDHLength(this.ctx, num.intValue());
                    }
                    List<String> protocols = d0Var.protocols();
                    if (!protocols.isEmpty()) {
                        String[] strArr2 = (String[]) protocols.toArray(new String[0]);
                        int opensslSelectorFailureBehavior = opensslSelectorFailureBehavior(d0Var.selectorFailureBehavior());
                        int i3 = c.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[d0Var.protocol().ordinal()];
                        if (i3 == 1) {
                            SSLContext.setNpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                        } else if (i3 == 2) {
                            SSLContext.setAlpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                        } else {
                            if (i3 != 3) {
                                throw new Error();
                            }
                            SSLContext.setNpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                            SSLContext.setAlpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                        }
                    }
                    long sessionCacheSize = j2 <= 0 ? SSLContext.setSessionCacheSize(this.ctx, 20480L) : j2;
                    this.sessionCacheSize = sessionCacheSize;
                    SSLContext.setSessionCacheSize(this.ctx, sessionCacheSize);
                    long sessionCacheTimeout = j3 <= 0 ? SSLContext.setSessionCacheTimeout(this.ctx, 300L) : j3;
                    this.sessionTimeout = sessionCacheTimeout;
                    SSLContext.setSessionCacheTimeout(this.ctx, sessionCacheTimeout);
                    if (z2) {
                        SSLContext.enableOcsp(this.ctx, isClient());
                    }
                    SSLContext.setUseTasks(this.ctx, USE_TASKS);
                } catch (SSLException e2) {
                    throw e2;
                } catch (Exception e3) {
                    throw new SSLException("failed to set cipher suite: " + this.unmodifiableCiphers, e3);
                }
            } catch (Exception e4) {
                throw new SSLException("failed to create an SSL_CTX", e4);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager chooseTrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return g.a.f.a0.q.javaVersion() >= 7 ? z0.wrapIfNeeded((X509TrustManager) trustManager) : (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager chooseX509KeyManager(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void destroy() {
        Lock writeLock = this.ctxLock.writeLock();
        writeLock.lock();
        try {
            long j2 = this.ctx;
            if (j2 != 0) {
                if (this.enableOcsp) {
                    SSLContext.disableOcsp(j2);
                }
                SSLContext.free(this.ctx);
                this.ctx = 0L;
                t0 sessionContext = sessionContext();
                if (sessionContext != null) {
                    sessionContext.destroy();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void freeBio(long j2) {
        if (j2 != 0) {
            SSL.freeBIO(j2);
        }
    }

    private static long newBIO(g.a.b.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int readableBytes = jVar.readableBytes();
            if (SSL.bioWrite(newMemBIO, c0.memoryAddress(jVar) + jVar.readerIndex(), readableBytes) == readableBytes) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    private static int opensslSelectorFailureBehavior(a.c cVar) {
        int i2 = c.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[cVar.ordinal()];
        if (i2 == 1) {
            return 0;
        }
        if (i2 == 2) {
            return 1;
        }
        throw new Error();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static o0 providerFor(KeyManagerFactory keyManagerFactory, String str) {
        return keyManagerFactory instanceof y0 ? ((y0) keyManagerFactory).newProvider() : keyManagerFactory instanceof f0 ? ((f0) keyManagerFactory).newProvider(str) : new o0(chooseX509KeyManager(keyManagerFactory.getKeyManagers()), str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setKeyMaterial(long j2, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j3;
        long j4;
        long bio;
        long j5 = 0;
        a1 a1Var = null;
        try {
            try {
                g.a.b.k kVar = g.a.b.k.DEFAULT;
                a1Var = d1.toPEM(kVar, true, x509CertificateArr);
                j4 = toBIO(kVar, a1Var.retain());
                try {
                    bio = toBIO(kVar, a1Var.retain());
                    if (privateKey != null) {
                        try {
                            j5 = toBIO(kVar, privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                } catch (SSLException e4) {
                    throw e4;
                } catch (Exception e5) {
                    e = e5;
                } catch (Throwable th) {
                    th = th;
                    j3 = 0;
                }
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (SSLException e6) {
            throw e6;
        } catch (Exception e7) {
            e = e7;
        } catch (Throwable th3) {
            th = th3;
            j3 = 0;
            j4 = 0;
        }
        try {
            SSLContext.setCertificateBio(j2, j4, j5, str == null ? "" : str);
            SSLContext.setCertificateChainBio(j2, bio, true);
            freeBio(j5);
            freeBio(j4);
            freeBio(bio);
            a1Var.release();
        } catch (SSLException e8) {
        } catch (Exception e9) {
            e = e9;
            throw new SSLException("failed to set certificate and key", e);
        } catch (Throwable th4) {
            th = th4;
            j3 = bio;
            freeBio(j5);
            freeBio(j4);
            freeBio(j3);
            if (a1Var != null) {
                a1Var.release();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long toBIO(g.a.b.k kVar, a1 a1Var) throws Exception {
        try {
            g.a.b.j content = a1Var.content();
            if (content.isDirect()) {
                return newBIO(content.retainedSlice());
            }
            g.a.b.j directBuffer = kVar.directBuffer(content.readableBytes());
            try {
                directBuffer.writeBytes(content, content.readerIndex(), content.readableBytes());
                long newBIO = newBIO(directBuffer.retainedSlice());
                try {
                    if (a1Var.isSensitive()) {
                        s1.zeroout(directBuffer);
                    }
                    return newBIO;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (a1Var.isSensitive()) {
                        s1.zeroout(directBuffer);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            a1Var.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long toBIO(g.a.b.k kVar, PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        a1 pem = b1.toPEM(kVar, true, privateKey);
        try {
            return toBIO(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long toBIO(g.a.b.k kVar, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        a1 pem = d1.toPEM(kVar, true, x509CertificateArr);
        try {
            return toBIO(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static d0 toNegotiator(g.a.d.b.a aVar) {
        if (aVar == null) {
            return NONE_PROTOCOL_NEGOTIATOR;
        }
        int i2 = c.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[aVar.protocol().ordinal()];
        if (i2 != 1 && i2 != 2 && i2 != 3) {
            if (i2 == 4) {
                return NONE_PROTOCOL_NEGOTIATOR;
            }
            throw new Error();
        }
        int i3 = c.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectedListenerFailureBehavior[aVar.selectedListenerFailureBehavior().ordinal()];
        if (i3 != 1 && i3 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.selectedListenerFailureBehavior() + " behavior");
        }
        int i4 = c.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[aVar.selectorFailureBehavior().ordinal()];
        if (i4 == 1 || i4 == 2) {
            return new i0(aVar);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.selectorFailureBehavior() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean useExtendedTrustManager(X509TrustManager x509TrustManager) {
        return g.a.f.a0.q.javaVersion() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    public g.a.d.b.b applicationProtocolNegotiator() {
        return this.apn;
    }

    public int getBioNonApplicationBufferSize() {
        return this.bioNonApplicationBufferSize;
    }

    @Override // g.a.d.b.l1
    public final boolean isClient() {
        return this.mode == 0;
    }

    @Override // g.a.d.b.l1
    public final SSLEngine newEngine(g.a.b.k kVar, String str, int i2) {
        return newEngine0(kVar, str, i2, true);
    }

    SSLEngine newEngine0(g.a.b.k kVar, String str, int i2, boolean z) {
        return new g1(this, kVar, str, i2, z, true);
    }

    @Override // g.a.d.b.l1
    protected final o1 newHandler(g.a.b.k kVar, String str, int i2, boolean z) {
        return new o1(newEngine0(kVar, str, i2, false), z);
    }

    @Override // g.a.f.s
    public final int refCnt() {
        return this.refCnt.refCnt();
    }

    @Override // g.a.f.s
    public final boolean release() {
        return this.refCnt.release();
    }

    public final g.a.f.s retain() {
        this.refCnt.retain();
        return this;
    }

    public abstract t0 sessionContext();

    @Override // g.a.f.s
    public final g.a.f.s touch(Object obj) {
        this.refCnt.touch(obj);
        return this;
    }
}
