package io.netty.handler.ssl;

import io.netty.buffer.AbstractByteBufAllocator;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.base64.Base64;
import io.netty.handler.codec.base64.Base64Dialect;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.OpenSslX509KeyManagerFactory;
import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.internal.tcnative.SSLPrivateKeyMethod;
import io.netty.util.AbstractReferenceCounted;
import io.netty.util.ReferenceCounted;
import io.netty.util.ResourceLeakDetectorFactory;
import io.netty.util.ResourceLeakTracker;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes4.dex */
public abstract class ReferenceCountedOpenSslContext extends SslContext implements ReferenceCounted {
    public static final InternalLogger W = InternalLoggerFactory.b(ReferenceCountedOpenSslContext.class.getName());
    public static final int X = ((Integer) AccessController.doPrivileged(new PrivilegedAction<Integer>() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslContext.1
        @Override // java.security.PrivilegedAction
        public final Integer run() {
            return Integer.valueOf(Math.max(1, SystemPropertyUtil.d("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048)));
        }
    })).intValue();
    public static final boolean Y = SystemPropertyUtil.c("io.netty.handler.ssl.openssl.useTasks", false);
    public static final Integer Z;

    /* renamed from: a0, reason: collision with root package name */
    public static final OpenSslApplicationProtocolNegotiator f26852a0;
    public final int H;
    public final ResourceLeakTracker<ReferenceCountedOpenSslContext> L;
    public final AbstractReferenceCounted M;
    public final Certificate[] P;
    public final ClientAuth Q;
    public final String[] R;
    public final boolean S;
    public final DefaultOpenSslEngineMap T;
    public final ReentrantReadWriteLock U;
    public volatile int V;
    public long s;

    /* renamed from: x, reason: collision with root package name */
    public final List<String> f26853x;

    /* renamed from: y, reason: collision with root package name */
    public final OpenSslApplicationProtocolNegotiator f26854y;

    /* renamed from: io.netty.handler.ssl.ReferenceCountedOpenSslContext$2, reason: invalid class name */
    /* loaded from: classes4.dex */
    public class AnonymousClass2 extends AbstractReferenceCounted {
        public AnonymousClass2() {
        }

        @Override // io.netty.util.AbstractReferenceCounted
        public final void O() {
            InternalLogger internalLogger = ReferenceCountedOpenSslContext.W;
            ReferenceCountedOpenSslContext referenceCountedOpenSslContext = ReferenceCountedOpenSslContext.this;
            referenceCountedOpenSslContext.q();
            ResourceLeakTracker<ReferenceCountedOpenSslContext> resourceLeakTracker = referenceCountedOpenSslContext.L;
            if (resourceLeakTracker != null) {
                resourceLeakTracker.c(referenceCountedOpenSslContext);
            }
        }

        @Override // io.netty.util.ReferenceCounted
        public final ReferenceCounted p(Object obj) {
            ReferenceCountedOpenSslContext referenceCountedOpenSslContext = ReferenceCountedOpenSslContext.this;
            ResourceLeakTracker<ReferenceCountedOpenSslContext> resourceLeakTracker = referenceCountedOpenSslContext.L;
            if (resourceLeakTracker != null) {
                resourceLeakTracker.a(obj);
            }
            return referenceCountedOpenSslContext;
        }
    }

    /* renamed from: io.netty.handler.ssl.ReferenceCountedOpenSslContext$5, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass5 {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f26856a;
        public static final /* synthetic */ int[] b;

        /* renamed from: c, reason: collision with root package name */
        public static final /* synthetic */ int[] f26857c;

        static {
            int[] iArr = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            f26857c = iArr;
            try {
                iArr[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f26857c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            b = iArr2;
            try {
                iArr2[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[ApplicationProtocolConfig.Protocol.values().length];
            f26856a = iArr3;
            try {
                iArr3[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f26856a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f26856a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f26856a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes4.dex */
    public static abstract class AbstractCertificateVerifier extends CertificateVerifier {

        /* renamed from: a, reason: collision with root package name */
        public final OpenSslEngineMap f26858a;

        public AbstractCertificateVerifier(DefaultOpenSslEngineMap defaultOpenSslEngineMap) {
            this.f26858a = defaultOpenSslEngineMap;
        }
    }

    /* loaded from: classes4.dex */
    public static final class DefaultOpenSslEngineMap implements OpenSslEngineMap {

        /* renamed from: a, reason: collision with root package name */
        public final ConcurrentHashMap f26859a;

        public DefaultOpenSslEngineMap() {
            InternalLogger internalLogger = PlatformDependent.f27284a;
            this.f26859a = new ConcurrentHashMap();
        }

        public /* synthetic */ DefaultOpenSslEngineMap(int i) {
            this();
        }

        @Override // io.netty.handler.ssl.OpenSslEngineMap
        public final ReferenceCountedOpenSslEngine a(long j2) {
            return (ReferenceCountedOpenSslEngine) this.f26859a.remove(Long.valueOf(j2));
        }

        @Override // io.netty.handler.ssl.OpenSslEngineMap
        public final void b(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            long j2;
            ConcurrentHashMap concurrentHashMap = this.f26859a;
            synchronized (referenceCountedOpenSslEngine) {
                j2 = referenceCountedOpenSslEngine.f26870a;
            }
            concurrentHashMap.put(Long.valueOf(j2), referenceCountedOpenSslEngine);
        }
    }

    /* loaded from: classes4.dex */
    public static final class PrivateKeyMethod implements SSLPrivateKeyMethod {
    }

    static {
        ResourceLeakDetectorFactory.b.b(ReferenceCountedOpenSslContext.class);
        f26852a0 = new OpenSslApplicationProtocolNegotiator() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslContext.3
            @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
            public final ApplicationProtocolConfig.SelectorFailureBehavior a() {
                return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
            }

            @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
            public final ApplicationProtocolConfig.Protocol b() {
                return ApplicationProtocolConfig.Protocol.NONE;
            }

            @Override // io.netty.handler.ssl.ApplicationProtocolNegotiator
            public final List<String> c() {
                return Collections.emptyList();
            }

            @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
            public final ApplicationProtocolConfig.SelectedListenerFailureBehavior e() {
                return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
            }
        };
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslContext.4
                @Override // java.security.PrivilegedAction
                public final String run() {
                    return SystemPropertyUtil.b("jdk.tls.ephemeralDHKeySize", null);
                }
            });
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    W.x("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: ".concat(str));
                }
            }
        } catch (Throwable unused2) {
        }
        Z = num;
    }

    public ReferenceCountedOpenSslContext() {
        throw null;
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    /* JADX WARN: Removed duplicated region for block: B:24:0x00ce A[Catch: all -> 0x0172, TryCatch #0 {all -> 0x0172, blocks: (B:9:0x0062, B:12:0x006d, B:13:0x0073, B:15:0x0081, B:17:0x0088, B:19:0x008f, B:20:0x0091, B:22:0x00b0, B:24:0x00ce, B:25:0x00dd, B:27:0x00f2, B:28:0x00fb, B:30:0x0105, B:34:0x0120, B:35:0x0125, B:37:0x0126, B:42:0x0139, B:43:0x0141, B:44:0x0146, B:45:0x013e, B:46:0x0147, B:47:0x014b, B:48:0x0150, B:50:0x0095, B:52:0x00a9, B:56:0x0175, B:57:0x0188, B:54:0x018a, B:65:0x018c, B:66:0x0193), top: B:8:0x0062, inners: #1, #2, #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00f2 A[Catch: all -> 0x0172, TryCatch #0 {all -> 0x0172, blocks: (B:9:0x0062, B:12:0x006d, B:13:0x0073, B:15:0x0081, B:17:0x0088, B:19:0x008f, B:20:0x0091, B:22:0x00b0, B:24:0x00ce, B:25:0x00dd, B:27:0x00f2, B:28:0x00fb, B:30:0x0105, B:34:0x0120, B:35:0x0125, B:37:0x0126, B:42:0x0139, B:43:0x0141, B:44:0x0146, B:45:0x013e, B:46:0x0147, B:47:0x014b, B:48:0x0150, B:50:0x0095, B:52:0x00a9, B:56:0x0175, B:57:0x0188, B:54:0x018a, B:65:0x018c, B:66:0x0193), top: B:8:0x0062, inners: #1, #2, #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:30:0x0105 A[Catch: all -> 0x0172, TryCatch #0 {all -> 0x0172, blocks: (B:9:0x0062, B:12:0x006d, B:13:0x0073, B:15:0x0081, B:17:0x0088, B:19:0x008f, B:20:0x0091, B:22:0x00b0, B:24:0x00ce, B:25:0x00dd, B:27:0x00f2, B:28:0x00fb, B:30:0x0105, B:34:0x0120, B:35:0x0125, B:37:0x0126, B:42:0x0139, B:43:0x0141, B:44:0x0146, B:45:0x013e, B:46:0x0147, B:47:0x014b, B:48:0x0150, B:50:0x0095, B:52:0x00a9, B:56:0x0175, B:57:0x0188, B:54:0x018a, B:65:0x018c, B:66:0x0193), top: B:8:0x0062, inners: #1, #2, #3 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public ReferenceCountedOpenSslContext(io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator r10, java.security.cert.Certificate[] r11, io.netty.handler.ssl.ClientAuth r12) {
        /*
            Method dump skipped, instructions count: 408
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.ReferenceCountedOpenSslContext.<init>(io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator, java.security.cert.Certificate[], io.netty.handler.ssl.ClientAuth):void");
    }

    public static void C(long j2, X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
        long j3;
        long j4;
        long j5 = 0;
        PemEncoded pemEncoded = null;
        try {
            try {
                AbstractByteBufAllocator abstractByteBufAllocator = ByteBufAllocator.f25601a;
                pemEncoded = PemX509Certificate.d(abstractByteBufAllocator, x509CertificateArr);
                j4 = E(abstractByteBufAllocator, pemEncoded.a());
                try {
                    long E = E(abstractByteBufAllocator, pemEncoded.a());
                    if (privateKey != null) {
                        try {
                            j5 = G(abstractByteBufAllocator, privateKey);
                        } catch (SSLException e) {
                            throw e;
                        } catch (Exception e2) {
                            e = e2;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j3 = E;
                            s(j5);
                            s(j4);
                            s(j3);
                            if (pemEncoded != null) {
                                pemEncoded.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j2, j4, j5, "");
                        SSLContext.setCertificateChainBio(j2, E, true);
                        s(j5);
                        s(j4);
                        s(E);
                        pemEncoded.release();
                    } catch (SSLException e3) {
                    } catch (Exception e4) {
                        e = e4;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e5) {
                } catch (Exception e6) {
                    e = e6;
                } catch (Throwable th2) {
                    th = th2;
                    j3 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e7) {
            throw e7;
        } catch (Exception e8) {
            e = e8;
        } catch (Throwable th4) {
            th = th4;
            j3 = 0;
            j4 = 0;
        }
    }

    public static long E(AbstractByteBufAllocator abstractByteBufAllocator, PemEncoded pemEncoded) {
        try {
            ByteBuf e = pemEncoded.e();
            if (e.g2()) {
                return u(e.Y2());
            }
            ByteBuf m = abstractByteBufAllocator.m(e.S2());
            try {
                m.D3(e.T2(), e.S2(), e);
                long u = u(m.Y2());
                try {
                    if (pemEncoded.r0()) {
                        SslUtils.j(m);
                    }
                    return u;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (pemEncoded.r0()) {
                        SslUtils.j(m);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            pemEncoded.release();
        }
    }

    public static long G(AbstractByteBufAllocator abstractByteBufAllocator, PrivateKey privateKey) {
        PemEncoded pemEncoded;
        if (privateKey == null) {
            return 0L;
        }
        byte[] bArr = PemPrivateKey.H;
        if (privateKey instanceof PemEncoded) {
            pemEncoded = ((PemEncoded) privateKey).a();
        } else {
            byte[] encoded = privateKey.getEncoded();
            if (encoded == null) {
                throw new IllegalArgumentException(privateKey.getClass().getName().concat(" does not support encoding"));
            }
            ByteBuf f = Unpooled.f(encoded);
            try {
                Set<String> set = SslUtils.f26927a;
                ByteBuf b = Base64.b(f, f.T2(), f.S2(), true, Base64Dialect.STANDARD, abstractByteBufAllocator);
                f.U2(f.V3());
                try {
                    byte[] bArr2 = PemPrivateKey.H;
                    int length = bArr2.length + b.S2();
                    byte[] bArr3 = PemPrivateKey.L;
                    ByteBuf m = abstractByteBufAllocator.m(length + bArr3.length);
                    try {
                        m.I3(bArr2);
                        m.G3(b);
                        m.I3(bArr3);
                        PemValue pemValue = new PemValue(m, true);
                        SslUtils.j(f);
                        f.release();
                        pemEncoded = pemValue;
                    } finally {
                    }
                } finally {
                    SslUtils.j(b);
                    b.release();
                }
            } catch (Throwable th) {
                SslUtils.j(f);
                f.release();
                throw th;
            }
        }
        try {
            return E(abstractByteBufAllocator, pemEncoded.a());
        } finally {
            pemEncoded.release();
        }
    }

    public static long H(AbstractByteBufAllocator abstractByteBufAllocator, X509Certificate... x509CertificateArr) {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        PemEncoded d = PemX509Certificate.d(abstractByteBufAllocator, x509CertificateArr);
        try {
            return E(abstractByteBufAllocator, d.a());
        } finally {
            d.release();
        }
    }

    public static boolean I(X509TrustManager x509TrustManager) {
        return PlatformDependent.H() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    public static X509TrustManager n(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                return PlatformDependent.H() >= 7 ? OpenSslX509TrustManagerWrapper.b.a(x509TrustManager) : x509TrustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static void s(long j2) {
        if (j2 != 0) {
            SSL.freeBIO(j2);
        }
    }

    public static long u(ByteBuf byteBuf) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int S2 = byteBuf.S2();
            if (SSL.bioWrite(newMemBIO, OpenSsl.i(byteBuf) + byteBuf.T2(), S2) == S2) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            byteBuf.release();
        }
    }

    public static OpenSslKeyMaterialProvider z(KeyManagerFactory keyManagerFactory) {
        if (keyManagerFactory instanceof OpenSslX509KeyManagerFactory) {
            OpenSslX509KeyManagerFactory.OpenSslKeyManagerFactorySpi.ProviderFactory providerFactory = ((OpenSslX509KeyManagerFactory) keyManagerFactory).f26837a.b;
            if (providerFactory != null) {
                return new OpenSslX509KeyManagerFactory.OpenSslKeyManagerFactorySpi.ProviderFactory.OpenSslPopulatedKeyMaterialProvider(providerFactory.f26839a, providerFactory.b, providerFactory.f26840c);
            }
            throw new IllegalStateException("engineInit(...) not called yet");
        }
        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
            if (keyManager instanceof X509KeyManager) {
                X509KeyManager x509KeyManager = (X509KeyManager) keyManager;
                return keyManagerFactory instanceof OpenSslCachingX509KeyManagerFactory ? new OpenSslCachingKeyMaterialProvider(x509KeyManager) : new OpenSslKeyMaterialProvider(x509KeyManager, null);
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public abstract OpenSslSessionContext A();

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted a() {
        this.M.a();
        return this;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final boolean f() {
        return this.H == 0;
    }

    @Override // io.netty.util.ReferenceCounted
    public final int g0() {
        return this.M.g0();
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine h(ByteBufAllocator byteBufAllocator) {
        return w(byteBufAllocator, true);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SslHandler k(ByteBufAllocator byteBufAllocator, boolean z2) {
        return new SslHandler(w(byteBufAllocator, false), z2);
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted l() {
        this.M.l();
        return this;
    }

    public final OpenSslApplicationProtocolNegotiator m() {
        return this.f26854y;
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted p(Object obj) {
        ((AnonymousClass2) this.M).p(obj);
        return this;
    }

    public final void q() {
        Lock writeLock = this.U.writeLock();
        writeLock.lock();
        try {
            long j2 = this.s;
            if (j2 != 0) {
                if (this.S) {
                    SSLContext.disableOcsp(j2);
                }
                SSLContext.free(this.s);
                this.s = 0L;
                OpenSslSessionContext A = A();
                if (A != null) {
                    A.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    @Override // io.netty.util.ReferenceCounted
    public final boolean release() {
        return this.M.release();
    }

    public final int t() {
        return this.V;
    }

    public SSLEngine w(ByteBufAllocator byteBufAllocator, boolean z2) {
        return new ReferenceCountedOpenSslEngine(this, byteBufAllocator, z2, true);
    }
}
