package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.base64.Base64;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.CharsetUtil;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: classes.dex */
public abstract class OpenSslContext extends SslContext {
    private static final List<String> t;
    protected static final int u = 10;
    protected volatile long b;
    long c;
    private volatile int d;
    private volatile boolean e;
    private final List<String> f;
    private final long g;
    private final long h;
    private final OpenSslEngineMap i;
    private final OpenSslApplicationProtocolNegotiator j;
    private final int k;
    private final Certificate[] l;
    private final ClientAuth m;
    private static final byte[] n = "-----BEGIN CERTIFICATE-----\n".getBytes(CharsetUtil.f);
    private static final byte[] o = "\n-----END CERTIFICATE-----\n".getBytes(CharsetUtil.f);
    private static final byte[] p = "-----BEGIN PRIVATE KEY-----\n".getBytes(CharsetUtil.f);
    private static final byte[] q = "\n-----END PRIVATE KEY-----\n".getBytes(CharsetUtil.f);
    private static final InternalLogger r = InternalLoggerFactory.a((Class<?>) OpenSslContext.class);
    private static final boolean s = SystemPropertyUtil.a("jdk.tls.rejectClientInitiatedRenegotiation", false);
    static final OpenSslApplicationProtocolNegotiator v = new OpenSslApplicationProtocolNegotiator() { // from class: io.netty.handler.ssl.OpenSslContext.1
        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.Protocol a() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }

        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiator
        public List<String> b() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.SelectorFailureBehavior c() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior d() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.netty.handler.ssl.OpenSslContext$2, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] a;
        static final /* synthetic */ int[] b;
        static final /* synthetic */ int[] c = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];

        static {
            try {
                c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            b = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            try {
                b[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            a = new int[ApplicationProtocolConfig.Protocol.values().length];
            try {
                a[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public abstract class AbstractCertificateVerifier implements CertificateVerifier {
        /* JADX INFO: Access modifiers changed from: package-private */
        public AbstractCertificateVerifier() {
        }

        public final int a(long j, byte[][] bArr, String str) {
            X509Certificate[] a = OpenSslContext.a(bArr);
            OpenSslEngine d = OpenSslContext.this.i.d(j);
            try {
                a(d, a, str);
                return 0;
            } catch (Throwable th) {
                OpenSslContext.r.e("verification of certificate failed", (Throwable) th);
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("General OpenSslEngine problem");
                sSLHandshakeException.initCause(th);
                d.u = sSLHandshakeException;
                if (th instanceof OpenSslCertificateException) {
                    return th.c();
                }
                if (th instanceof CertificateExpiredException) {
                    return 10;
                }
                if (th instanceof CertificateNotYetValidException) {
                    return 9;
                }
                return (PlatformDependent.t() < 7 || !(th instanceof CertificateRevokedException)) ? 1 : 23;
            }
        }

        abstract void a(OpenSslEngine openSslEngine, X509Certificate[] x509CertificateArr, String str);
    }

    /* loaded from: classes.dex */
    private static final class DefaultOpenSslEngineMap implements OpenSslEngineMap {
        private final Map<Long, OpenSslEngine> b;

        private DefaultOpenSslEngineMap() {
            this.b = PlatformDependent.y();
        }

        @Override // io.netty.handler.ssl.OpenSslEngineMap
        public void a(OpenSslEngine openSslEngine) {
            this.b.put(Long.valueOf(openSslEngine.b()), openSslEngine);
        }

        @Override // io.netty.handler.ssl.OpenSslEngineMap
        public OpenSslEngine d(long j) {
            return this.b.remove(Long.valueOf(j));
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA");
        t = Collections.unmodifiableList(arrayList);
        if (r.d()) {
            r.a("Default cipher suite (OpenSSL): " + arrayList);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSslContext(Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth) {
        this(iterable, cipherSuiteFilter, a(applicationProtocolConfig), j, j2, i, certificateArr, clientAuth);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public OpenSslContext(Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, OpenSslApplicationProtocolNegotiator openSslApplicationProtocolNegotiator, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth) {
        long j3;
        String next;
        ArrayList arrayList = null;
        this.i = new DefaultOpenSslEngineMap();
        OpenSsl.b();
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.k = i;
        this.m = d() ? (ClientAuth) ObjectUtil.a(clientAuth, "clientAuth") : ClientAuth.NONE;
        if (i == 1) {
            this.e = s;
        }
        this.l = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String e = CipherSuiteConverter.e(next);
                if (e != null) {
                    next = e;
                }
                arrayList.add(next);
            }
        }
        this.f = Arrays.asList(((CipherSuiteFilter) ObjectUtil.a(cipherSuiteFilter, "cipherFilter")).a(arrayList, t, OpenSsl.a()));
        this.j = (OpenSslApplicationProtocolNegotiator) ObjectUtil.a(openSslApplicationProtocolNegotiator, "apn");
        this.c = Pool.create(0L);
        try {
            synchronized (OpenSslContext.class) {
                try {
                    try {
                        this.b = SSLContext.make(this.c, 31, i);
                        SSLContext.setOptions(this.b, 4095);
                        SSLContext.setOptions(this.b, 16777216);
                        SSLContext.setOptions(this.b, 33554432);
                        SSLContext.setOptions(this.b, 4194304);
                        SSLContext.setOptions(this.b, 524288);
                        SSLContext.setOptions(this.b, 1048576);
                        SSLContext.setOptions(this.b, 65536);
                        SSLContext.setMode(this.b, SSLContext.getMode(this.b) | 2);
                        try {
                            SSLContext.setCipherSuite(this.b, CipherSuiteConverter.a(this.f));
                            List<String> b = openSslApplicationProtocolNegotiator.b();
                            if (!b.isEmpty()) {
                                String[] strArr = (String[]) b.toArray(new String[b.size()]);
                                int a = a(openSslApplicationProtocolNegotiator.c());
                                int i2 = AnonymousClass2.a[openSslApplicationProtocolNegotiator.a().ordinal()];
                                if (i2 != 1) {
                                    if (i2 == 2) {
                                        j3 = this.b;
                                    } else {
                                        if (i2 != 3) {
                                            throw new Error();
                                        }
                                        SSLContext.setNpnProtos(this.b, strArr, a);
                                        j3 = this.b;
                                    }
                                    SSLContext.setAlpnProtos(j3, strArr, a);
                                } else {
                                    SSLContext.setNpnProtos(this.b, strArr, a);
                                }
                            }
                            if (j > 0) {
                                this.g = j;
                                SSLContext.setSessionCacheSize(this.b, j);
                            } else {
                                long sessionCacheSize = SSLContext.setSessionCacheSize(this.b, 20480L);
                                this.g = sessionCacheSize;
                                SSLContext.setSessionCacheSize(this.b, sessionCacheSize);
                            }
                            if (j2 > 0) {
                                this.h = j2;
                                SSLContext.setSessionCacheTimeout(this.b, j2);
                            } else {
                                long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.b, 300L);
                                this.h = sessionCacheTimeout;
                                SSLContext.setSessionCacheTimeout(this.b, sessionCacheTimeout);
                            }
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            throw new SSLException("failed to set cipher suite: " + this.f, e3);
                        }
                    } catch (Exception e4) {
                        throw new SSLException("failed to create an SSL_CTX", e4);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            m();
            throw th2;
        }
    }

    private static int a(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        int i = AnonymousClass2.b[selectorFailureBehavior.ordinal()];
        if (i == 1) {
            return 0;
        }
        if (i == 2) {
            return 1;
        }
        throw new Error();
    }

    private static long a(ByteBuf byteBuf) {
        long newMemBIO = SSL.newMemBIO();
        int i2 = byteBuf.i2();
        if (SSL.writeToBIO(newMemBIO, OpenSsl.a(byteBuf), i2) == i2) {
            return newMemBIO;
        }
        SSL.freeBIO(newMemBIO);
        throw new IllegalStateException("Could not write data to memory BIO");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(PrivateKey privateKey) {
        if (privateKey == null) {
            return 0L;
        }
        ByteBuf c = Unpooled.c();
        try {
            c.b(p);
            ByteBuf b = Unpooled.b(privateKey.getEncoded());
            try {
                ByteBuf a = Base64.a(b, true);
                try {
                    c.g(a);
                    b(b);
                    c.b(q);
                    return a(c);
                } finally {
                    b(a);
                }
            } catch (Throwable th) {
                b(b);
                throw th;
            }
        } finally {
            b(c);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            return 0L;
        }
        ByteBuf c = Unpooled.c();
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                c.b(n);
                ByteBuf b = Unpooled.b(x509Certificate.getEncoded());
                try {
                    try {
                        c.g(Base64.a(b, true));
                        b.release();
                        c.b(o);
                    } finally {
                    }
                } catch (Throwable th) {
                    b.release();
                    throw th;
                }
            }
            return a(c);
        } finally {
            c.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OpenSslApplicationProtocolNegotiator a(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return v;
        }
        int i = AnonymousClass2.a[applicationProtocolConfig.a().ordinal()];
        if (i != 1 && i != 2 && i != 3) {
            if (i == 4) {
                return v;
            }
            throw new Error();
        }
        int i2 = AnonymousClass2.c[applicationProtocolConfig.b().ordinal()];
        if (i2 != 1 && i2 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " behavior");
        }
        int i3 = AnonymousClass2.b[applicationProtocolConfig.c().ordinal()];
        if (i3 == 1 || i3 == 2) {
            return new OpenSslDefaultApplicationProtocolNegotiator(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(KeyManagerFactory keyManagerFactory) {
        if (keyManagerFactory != null) {
            throw new IllegalArgumentException("KeyManagerFactory is currently not supported with OpenSslContext");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return PlatformDependent.t() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    protected static X509Certificate[] a(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr[i] = new OpenSslX509Certificate(bArr[i]);
        }
        return x509CertificateArr;
    }

    private static void b(ByteBuf byteBuf) {
        byteBuf.o(0, byteBuf.x1());
        byteBuf.release();
    }

    @Override // io.netty.handler.ssl.SslContext
    public ApplicationProtocolNegotiator a() {
        return this.j;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine a(ByteBufAllocator byteBufAllocator) {
        return a(byteBufAllocator, (String) null, -1);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine a(ByteBufAllocator byteBufAllocator, String str, int i) {
        return new OpenSslEngine(this.b, byteBufAllocator, c(), g(), this.j, this.i, this.e, str, i, this.l, this.m);
    }

    public void a(boolean z) {
        this.e = z;
    }

    @Deprecated
    public final void a(byte[] bArr) {
        g().a(bArr);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final List<String> b() {
        return this.f;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final boolean c() {
        return this.k == 0;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final long f() {
        return this.g;
    }

    protected final void finalize() {
        super.finalize();
        m();
    }

    @Override // io.netty.handler.ssl.SslContext
    public abstract OpenSslSessionContext g();

    @Override // io.netty.handler.ssl.SslContext
    public final long h() {
        return this.h;
    }

    @Deprecated
    public final long j() {
        return this.b;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void m() {
        synchronized (OpenSslContext.class) {
            if (this.b != 0) {
                SSLContext.free(this.b);
                this.b = 0L;
            }
            if (this.c != 0) {
                Pool.destroy(this.c);
                this.c = 0L;
            }
        }
    }

    public final long n() {
        return this.b;
    }

    @Deprecated
    public final OpenSslSessionStats o() {
        return g().b();
    }
}
