package io.grpc.netty.shaded.io.netty.handler.ssl;

import defpackage.bw0;
import defpackage.dl0;
import defpackage.fr0;
import defpackage.ih0;
import defpackage.kg0;
import defpackage.lg0;
import defpackage.lm0;
import defpackage.nm0;
import defpackage.q7;
import defpackage.r7;
import defpackage.rw;
import defpackage.sa0;
import defpackage.ua;
import defpackage.ua0;
import defpackage.va;
import defpackage.wr0;
import defpackage.ys0;
import defpackage.z8;
import defpackage.za0;
import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import io.grpc.netty.shaded.io.netty.handler.ssl.a0;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSL;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import io.grpc.netty.shaded.io.netty.util.ResourceLeakDetector;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
public abstract class d0 extends g0 implements dl0 {
    public static final Integer r;
    public long b;
    public final List<String> c;
    public final q d;
    public final int e;

    /* renamed from: f, reason: collision with root package name */
    public final nm0<d0> f1364f;

    /* renamed from: g, reason: collision with root package name */
    public final defpackage.k0 f1365g;
    public final Certificate[] h;
    public final ClientAuth i;

    /* renamed from: j, reason: collision with root package name */
    public final String[] f1366j;
    public final boolean k;

    /* renamed from: l, reason: collision with root package name */
    public final ua0 f1367l;
    public final ReadWriteLock m;
    public volatile int n;
    public static final rw o = wr0.a(d0.class.getName());
    public static final int p = Math.max(1, ys0.d("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));
    public static final boolean q = ys0.c("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.useTasks", false);
    public static final ResourceLeakDetector<d0> s = lm0.b.a(d0.class);
    public static final q x = new b();

    /* loaded from: classes5.dex */
    public class a extends defpackage.k0 {
        public a() {
        }

        @Override // defpackage.k0
        public void a() {
            w wVar;
            d0 d0Var = d0.this;
            Lock writeLock = d0Var.m.writeLock();
            writeLock.lock();
            try {
                long j2 = d0Var.b;
                if (j2 != 0) {
                    if (d0Var.k) {
                        SSLContext.disableOcsp(j2);
                    }
                    SSLContext.free(d0Var.b);
                    d0Var.b = 0L;
                    za0 y = d0Var.y();
                    if (y != null && (wVar = y.a) != null) {
                        wVar.b();
                    }
                }
                writeLock.unlock();
                d0 d0Var2 = d0.this;
                nm0<d0> nm0Var = d0Var2.f1364f;
                if (nm0Var != null) {
                    nm0Var.close(d0Var2);
                }
            } catch (Throwable th) {
                writeLock.unlock();
                throw th;
            }
        }

        @Override // defpackage.dl0
        public dl0 q(Object obj) {
            nm0<d0> nm0Var = d0.this.f1364f;
            if (nm0Var != null) {
                nm0Var.a(obj);
            }
            return d0.this;
        }
    }

    /* loaded from: classes5.dex */
    public static class b implements q {
        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.q
        public ApplicationProtocolConfig.SelectorFailureBehavior a() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // defpackage.b3
        public List<String> b() {
            return Collections.emptyList();
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.q
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior d() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.q
        public ApplicationProtocolConfig.Protocol protocol() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }
    }

    /* loaded from: classes5.dex */
    public static abstract class c extends z8 {
        public c(ua0 ua0Var) {
        }
    }

    /* loaded from: classes5.dex */
    public static final class d implements ua0 {
        public final Map<Long, e0> a;

        public d(a aVar) {
            rw rwVar = ih0.a;
            this.a = new ConcurrentHashMap();
        }
    }

    static {
        Integer num = null;
        try {
            String b2 = ys0.b("jdk.tls.ephemeralDHKeySize", null);
            if (b2 != null) {
                try {
                    num = Integer.valueOf(b2);
                } catch (NumberFormatException unused) {
                    o.u("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b2);
                }
            }
        } catch (Throwable unused2) {
        }
        r = num;
    }

    public d0(Iterable<String> iterable, va vaVar, ApplicationProtocolConfig applicationProtocolConfig, long j2, long j3, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        this(iterable, vaVar, D(applicationProtocolConfig), j2, j3, i, certificateArr, clientAuth, strArr, z, z2, z3);
    }

    public d0(Iterable<String> iterable, va vaVar, q qVar, long j2, long j3, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        super(z);
        ClientAuth clientAuth2;
        this.f1365g = new a();
        this.f1367l = new d(null);
        this.m = new ReentrantReadWriteLock();
        this.n = p;
        Throwable th = p.b;
        if (th != null) {
            throw ((Error) new UnsatisfiedLinkError("failed to load the required native library").initCause(th));
        }
        if (z2 && !p.h) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f1364f = z3 ? s.c(this) : null;
        this.e = i;
        if (e()) {
            Objects.requireNonNull(clientAuth, "clientAuth");
            clientAuth2 = clientAuth;
        } else {
            clientAuth2 = ClientAuth.NONE;
        }
        this.i = clientAuth2;
        this.f1366j = strArr;
        this.k = z2;
        this.h = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        Objects.requireNonNull(vaVar, "cipherFilter");
        List<String> asList = Arrays.asList(vaVar.a(iterable, p.c, p.f1386f));
        this.c = asList;
        Objects.requireNonNull(qVar, "apn");
        this.d = qVar;
        try {
            try {
                boolean z4 = p.i;
                this.b = SSLContext.make(z4 ? 62 : 30, i);
                StringBuilder sb = new StringBuilder();
                StringBuilder sb2 = new StringBuilder();
                try {
                    int i2 = 0;
                    if (asList.isEmpty()) {
                        SSLContext.setCipherSuite(this.b, "", false);
                        if (z4) {
                            SSLContext.setCipherSuite(this.b, "", true);
                        }
                    } else {
                        ua.a(asList, sb, sb2, p.f1388j);
                        SSLContext.setCipherSuite(this.b, sb.toString(), false);
                        if (z4) {
                            SSLContext.setCipherSuite(this.b, sb2.toString(), true);
                        }
                    }
                    int options = SSLContext.getOptions(this.b);
                    int i3 = SSL.b;
                    int i4 = SSL.c;
                    int i5 = options | i3 | i4 | SSL.f1390g | SSL.a | SSL.i | SSL.h;
                    SSLContext.setOptions(this.b, sb.length() == 0 ? i5 | i3 | i4 | SSL.d | SSL.e | SSL.f1389f : i5);
                    long j4 = this.b;
                    SSLContext.setMode(j4, SSLContext.getMode(j4) | SSL.k);
                    Integer num = r;
                    if (num != null) {
                        SSLContext.setTmpDHLength(this.b, num.intValue());
                    }
                    List<String> b2 = qVar.b();
                    if (!b2.isEmpty()) {
                        String[] strArr2 = (String[]) b2.toArray(new String[0]);
                        int ordinal = qVar.a().ordinal();
                        if (ordinal != 1) {
                            if (ordinal != 2) {
                                throw new Error();
                            }
                            i2 = 1;
                        }
                        int ordinal2 = qVar.protocol().ordinal();
                        if (ordinal2 == 1) {
                            SSLContext.setNpnProtos(this.b, strArr2, i2);
                        } else if (ordinal2 == 2) {
                            SSLContext.setAlpnProtos(this.b, strArr2, i2);
                        } else {
                            if (ordinal2 != 3) {
                                throw new Error();
                            }
                            SSLContext.setNpnProtos(this.b, strArr2, i2);
                            SSLContext.setAlpnProtos(this.b, strArr2, i2);
                        }
                    }
                    SSLContext.setSessionCacheSize(this.b, j2 <= 0 ? SSLContext.setSessionCacheSize(this.b, 20480L) : j2);
                    SSLContext.setSessionCacheTimeout(this.b, j3 <= 0 ? SSLContext.setSessionCacheTimeout(this.b, 300L) : j3);
                    if (z2) {
                        SSLContext.enableOcsp(this.b, d());
                    }
                    SSLContext.setUseTasks(this.b, q);
                } catch (SSLException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new SSLException("failed to set cipher suite: " + this.c, e2);
                }
            } catch (Exception e3) {
                throw new SSLException("failed to create an SSL_CTX", e3);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    public static long A(r7 r7Var, kg0 kg0Var) throws Exception {
        try {
            q7 s2 = kg0Var.s();
            if (s2.z0()) {
                return v(s2.z1());
            }
            q7 o2 = r7Var.o(s2.u1());
            try {
                o2.c2(s2, s2.v1(), s2.u1());
                long v = v(o2.z1());
                try {
                    if (kg0Var.p()) {
                        fr0.i(o2);
                    }
                    return v;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (kg0Var.p()) {
                        fr0.i(o2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            kg0Var.release();
        }
    }

    public static long B(r7 r7Var, PrivateKey privateKey) throws Exception {
        kg0 kg0Var;
        if (privateKey == null) {
            return 0L;
        }
        byte[] bArr = PemPrivateKey.f1361f;
        if (privateKey instanceof kg0) {
            kg0Var = ((kg0) privateKey).h();
        } else {
            byte[] encoded = privateKey.getEncoded();
            if (encoded == null) {
                throw new IllegalArgumentException(privateKey.getClass().getName() + " does not support encoding");
            }
            q7 d2 = bw0.d(encoded);
            try {
                q7 f2 = fr0.f(r7Var, d2);
                try {
                    byte[] bArr2 = PemPrivateKey.f1361f;
                    int length = bArr2.length + f2.u1();
                    byte[] bArr3 = PemPrivateKey.f1362g;
                    q7 o2 = r7Var.o(length + bArr3.length);
                    try {
                        o2.e2(bArr2);
                        o2.a2(f2);
                        o2.e2(bArr3);
                        lg0 lg0Var = new lg0(o2, true);
                        fr0.i(d2);
                        d2.release();
                        kg0Var = lg0Var;
                    } catch (Throwable th) {
                        fr0.i(o2);
                        o2.release();
                        throw th;
                    }
                } finally {
                    fr0.i(f2);
                    f2.release();
                }
            } catch (Throwable th2) {
                fr0.i(d2);
                d2.release();
                throw th2;
            }
        }
        try {
            return A(r7Var, kg0Var.h());
        } finally {
            kg0Var.release();
        }
    }

    public static long C(r7 r7Var, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        kg0 c2 = PemX509Certificate.c(r7Var, true, x509CertificateArr);
        try {
            return A(r7Var, c2.h());
        } finally {
            c2.release();
        }
    }

    public static q D(ApplicationProtocolConfig applicationProtocolConfig) {
        int ordinal;
        if (applicationProtocolConfig != null && (ordinal = applicationProtocolConfig.b.ordinal()) != 0) {
            if (ordinal != 1 && ordinal != 2 && ordinal != 3) {
                throw new Error();
            }
            int ordinal2 = applicationProtocolConfig.d.ordinal();
            if (ordinal2 != 0 && ordinal2 != 2) {
                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.d + " behavior");
            }
            int ordinal3 = applicationProtocolConfig.c.ordinal();
            if (ordinal3 == 1 || ordinal3 == 2) {
                return new t(applicationProtocolConfig);
            }
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c + " behavior");
        }
        return x;
    }

    public static X509TrustManager m(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                rw rwVar = ih0.a;
                if (io.grpc.netty.shaded.io.netty.util.internal.d.f1420g < 7) {
                    return (X509TrustManager) trustManager;
                }
                return b0.b.a((X509TrustManager) trustManager);
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager r(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static void u(long j2) {
        if (j2 != 0) {
            SSL.freeBIO(j2);
        }
    }

    public static long v(q7 q7Var) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int u1 = q7Var.u1();
            if (SSL.bioWrite(newMemBIO, p.e(q7Var) + q7Var.v1(), u1) == u1) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            q7Var.release();
        }
    }

    public static w x(KeyManagerFactory keyManagerFactory, String str) {
        if (!(keyManagerFactory instanceof a0)) {
            X509KeyManager r2 = r(keyManagerFactory.getKeyManagers());
            return keyManagerFactory instanceof r ? new sa0(r2, str) : new w(r2, str);
        }
        a0.a.C0196a c0196a = ((a0) keyManagerFactory).a.b;
        if (c0196a != null) {
            return new a0.a.C0196a.C0197a(c0196a.a, c0196a.b, c0196a.c);
        }
        throw new IllegalStateException("engineInit(...) not called yet");
    }

    public static void z(long j2, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j3;
        long j4;
        long j5 = 0;
        kg0 kg0Var = null;
        try {
            try {
                r7 r7Var = r7.a;
                kg0Var = PemX509Certificate.c(r7Var, true, x509CertificateArr);
                j4 = A(r7Var, kg0Var.h());
                try {
                    long A = A(r7Var, kg0Var.h());
                    if (privateKey != null) {
                        try {
                            j5 = B(r7Var, privateKey);
                        } catch (SSLException e) {
                            throw e;
                        } catch (Exception e2) {
                            e = e2;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j2, j4, j5, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j2, A, true);
                        u(j5);
                        u(j4);
                        u(A);
                        kg0Var.release();
                    } catch (SSLException e3) {
                        throw e3;
                    } catch (Exception e4) {
                        e = e4;
                        throw new SSLException("failed to set certificate and key", e);
                    } catch (Throwable th) {
                        th = th;
                        j3 = A;
                        u(j5);
                        u(j4);
                        u(j3);
                        if (kg0Var != null) {
                            kg0Var.release();
                        }
                        throw th;
                    }
                } catch (SSLException e5) {
                    throw e5;
                } catch (Exception e6) {
                    e = e6;
                } catch (Throwable th2) {
                    th = th2;
                    j3 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e7) {
            throw e7;
        } catch (Exception e8) {
            e = e8;
        } catch (Throwable th4) {
            th = th4;
            j3 = 0;
            j4 = 0;
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.g0
    public final boolean d() {
        return this.e == 0;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.g0
    public final SSLEngine g(r7 r7Var, String str, int i) {
        return w(r7Var, str, i, true);
    }

    @Override // defpackage.dl0
    public final dl0 h() {
        this.f1365g.h();
        return this;
    }

    @Override // defpackage.dl0
    public final dl0 l() {
        this.f1365g.l();
        return this;
    }

    @Override // defpackage.dl0
    public final int n() {
        return this.f1365g.n();
    }

    @Override // defpackage.dl0
    public final dl0 q(Object obj) {
        this.f1365g.q(obj);
        return this;
    }

    @Override // defpackage.dl0
    public final boolean release() {
        return this.f1365g.release();
    }

    @Override // defpackage.dl0
    public final boolean t(int i) {
        return this.f1365g.t(i);
    }

    public SSLEngine w(r7 r7Var, String str, int i, boolean z) {
        return new e0(this, r7Var, str, i, z, true);
    }

    public abstract za0 y();
}
