package defpackage;

import defpackage.vb1;
import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import io.grpc.netty.shaded.io.netty.handler.ssl.ClientAuth;
import io.grpc.netty.shaded.io.netty.handler.ssl.PemPrivateKey;
import io.grpc.netty.shaded.io.netty.handler.ssl.PemX509Certificate;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSL;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import io.grpc.netty.shaded.io.netty.util.ResourceLeakDetector;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes4.dex */
public abstract class ac1 extends gc1 implements nd1 {
    public static final Integer e;
    public long h;
    public final List<String> i;
    public final cb1 j;
    public final int k;
    public final qd1<ac1> l;
    public final xc1 m;
    public final Certificate[] n;
    public final ClientAuth o;
    public final String[] p;
    public final boolean q;
    public final jb1 r;
    public final ReadWriteLock s;
    public volatile int x;
    public static final qg1 b = rg1.a(ac1.class.getName());
    public static final int c = Math.max(1, ig1.d("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));
    public static final boolean d = ig1.c("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.useTasks", false);
    public static final ResourceLeakDetector<ac1> f = od1.b.a(ac1.class);
    public static final cb1 g = new b();

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public class a extends xc1 {
        public a() {
        }

        @Override // defpackage.xc1
        public void a() {
            nb1 nb1Var;
            ac1 ac1Var = ac1.this;
            Lock writeLock = ac1Var.s.writeLock();
            writeLock.lock();
            try {
                long j = ac1Var.h;
                if (j != 0) {
                    if (ac1Var.q) {
                        SSLContext.disableOcsp(j);
                    }
                    SSLContext.free(ac1Var.h);
                    ac1Var.h = 0L;
                    sb1 z = ac1Var.z();
                    if (z != null && (nb1Var = z.b) != null) {
                        nb1Var.b();
                    }
                }
                writeLock.unlock();
                ac1 ac1Var2 = ac1.this;
                qd1<ac1> qd1Var = ac1Var2.l;
                if (qd1Var != null) {
                    qd1Var.close(ac1Var2);
                }
            } catch (Throwable th) {
                writeLock.unlock();
                throw th;
            }
        }

        @Override // defpackage.nd1
        public nd1 s(Object obj) {
            qd1<ac1> qd1Var = ac1.this.l;
            if (qd1Var != null) {
                qd1Var.a(obj);
            }
            return ac1.this;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static class b implements cb1 {
        @Override // defpackage.cb1
        public ApplicationProtocolConfig.SelectorFailureBehavior a() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // defpackage.ga1
        public List<String> b() {
            return Collections.emptyList();
        }

        @Override // defpackage.cb1
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior d() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }

        @Override // defpackage.cb1
        public ApplicationProtocolConfig.Protocol protocol() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static abstract class c extends rc1 {
        public c(jb1 jb1Var) {
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static final class d implements jb1 {
        public final Map<Long, bc1> a;

        public d() {
            qg1 qg1Var = yf1.a;
            this.a = new ConcurrentHashMap();
        }

        public d(a aVar) {
            qg1 qg1Var = yf1.a;
            this.a = new ConcurrentHashMap();
        }
    }

    static {
        Integer num = null;
        try {
            String b2 = ig1.b("jdk.tls.ephemeralDHKeySize", null);
            if (b2 != null) {
                try {
                    num = Integer.valueOf(b2);
                } catch (NumberFormatException unused) {
                    b.u("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b2);
                }
            }
        } catch (Throwable unused2) {
        }
        e = num;
    }

    public ac1(Iterable<String> iterable, ia1 ia1Var, cb1 cb1Var, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        super(z);
        ClientAuth clientAuth2;
        this.m = new a();
        this.r = new d(null);
        this.s = new ReentrantReadWriteLock();
        this.x = c;
        Throwable th = bb1.b;
        if (th != null) {
            throw ((Error) new UnsatisfiedLinkError("failed to load the required native library").initCause(th));
        }
        if (z2 && !bb1.h) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.l = z3 ? f.c(this) : null;
        this.k = i;
        if (e()) {
            Objects.requireNonNull(clientAuth, "clientAuth");
            clientAuth2 = clientAuth;
        } else {
            clientAuth2 = ClientAuth.NONE;
        }
        this.o = clientAuth2;
        this.p = strArr;
        this.q = z2;
        this.n = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        Objects.requireNonNull(ia1Var, "cipherFilter");
        List<String> asList = Arrays.asList(ia1Var.a(iterable, bb1.c, bb1.f));
        this.i = asList;
        Objects.requireNonNull(cb1Var, "apn");
        this.j = cb1Var;
        try {
            try {
                boolean z4 = bb1.i;
                this.h = SSLContext.make(z4 ? 62 : 30, i);
                StringBuilder sb = new StringBuilder();
                StringBuilder sb2 = new StringBuilder();
                try {
                    int i2 = 0;
                    if (asList.isEmpty()) {
                        SSLContext.setCipherSuite(this.h, "", false);
                        if (z4) {
                            SSLContext.setCipherSuite(this.h, "", true);
                        }
                    } else {
                        ha1.a(asList, sb, sb2, bb1.j);
                        SSLContext.setCipherSuite(this.h, sb.toString(), false);
                        if (z4) {
                            SSLContext.setCipherSuite(this.h, sb2.toString(), true);
                        }
                    }
                    int options = SSLContext.getOptions(this.h);
                    int i3 = SSL.b;
                    int i4 = SSL.c;
                    int i5 = options | i3 | i4 | SSL.g | SSL.a | SSL.i | SSL.h;
                    SSLContext.setOptions(this.h, sb.length() == 0 ? i5 | i3 | i4 | SSL.d | SSL.e | SSL.f : i5);
                    long j3 = this.h;
                    SSLContext.setMode(j3, SSLContext.getMode(j3) | SSL.k);
                    Integer num = e;
                    if (num != null) {
                        SSLContext.setTmpDHLength(this.h, num.intValue());
                    }
                    List<String> b2 = cb1Var.b();
                    if (!b2.isEmpty()) {
                        String[] strArr2 = (String[]) b2.toArray(new String[0]);
                        int ordinal = cb1Var.a().ordinal();
                        if (ordinal != 1) {
                            if (ordinal != 2) {
                                throw new Error();
                            }
                            i2 = 1;
                        }
                        int ordinal2 = cb1Var.protocol().ordinal();
                        if (ordinal2 == 1) {
                            SSLContext.setNpnProtos(this.h, strArr2, i2);
                        } else if (ordinal2 == 2) {
                            SSLContext.setAlpnProtos(this.h, strArr2, i2);
                        } else {
                            if (ordinal2 != 3) {
                                throw new Error();
                            }
                            SSLContext.setNpnProtos(this.h, strArr2, i2);
                            SSLContext.setAlpnProtos(this.h, strArr2, i2);
                        }
                    }
                    SSLContext.setSessionCacheSize(this.h, j <= 0 ? SSLContext.setSessionCacheSize(this.h, 20480L) : j);
                    SSLContext.setSessionCacheTimeout(this.h, j2 <= 0 ? SSLContext.setSessionCacheTimeout(this.h, 300L) : j2);
                    if (z2) {
                        SSLContext.enableOcsp(this.h, d());
                    }
                    SSLContext.setUseTasks(this.h, d);
                } catch (SSLException e2) {
                    throw e2;
                } catch (Exception e3) {
                    throw new SSLException("failed to set cipher suite: " + this.i, e3);
                }
            } catch (Exception e4) {
                throw new SSLException("failed to create an SSL_CTX", e4);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    public ac1(Iterable<String> iterable, ia1 ia1Var, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        this(iterable, ia1Var, E(applicationProtocolConfig), j, j2, i, certificateArr, clientAuth, strArr, z, z2, z3);
    }

    public static void A(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j2;
        long j3;
        long j4 = 0;
        xb1 xb1Var = null;
        try {
            try {
                g01 g01Var = g01.a;
                xb1Var = PemX509Certificate.c(g01Var, true, x509CertificateArr);
                j3 = B(g01Var, xb1Var.h());
                try {
                    long B = B(g01Var, xb1Var.h());
                    if (privateKey != null) {
                        try {
                            j4 = C(g01Var, privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, j3, j4, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j, B, true);
                        v(j4);
                        v(j3);
                        v(B);
                        xb1Var.release();
                    } catch (SSLException e4) {
                        throw e4;
                    } catch (Exception e5) {
                        e = e5;
                        throw new SSLException("failed to set certificate and key", e);
                    } catch (Throwable th) {
                        th = th;
                        j2 = B;
                        v(j4);
                        v(j3);
                        v(j2);
                        if (xb1Var != null) {
                            xb1Var.release();
                        }
                        throw th;
                    }
                } catch (SSLException e6) {
                    throw e6;
                } catch (Exception e7) {
                    e = e7;
                } catch (Throwable th2) {
                    th = th2;
                    j2 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e8) {
            throw e8;
        } catch (Exception e9) {
            e = e9;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    public static long B(g01 g01Var, xb1 xb1Var) throws Exception {
        try {
            f01 t = xb1Var.t();
            if (t.z0()) {
                return w(t.z1());
            }
            f01 g2 = g01Var.g(t.u1());
            try {
                g2.c2(t, t.v1(), t.u1());
                long w = w(g2.z1());
                try {
                    if (xb1Var.q()) {
                        oc1.i(g2);
                    }
                    return w;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (xb1Var.q()) {
                        oc1.i(g2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            xb1Var.release();
        }
    }

    public static long C(g01 g01Var, PrivateKey privateKey) throws Exception {
        xb1 xb1Var;
        if (privateKey == null) {
            return 0L;
        }
        byte[] bArr = PemPrivateKey.e;
        if (privateKey instanceof xb1) {
            xb1Var = ((xb1) privateKey).h();
        } else {
            byte[] encoded = privateKey.getEncoded();
            if (encoded == null) {
                throw new IllegalArgumentException(privateKey.getClass().getName() + " does not support encoding");
            }
            f01 d2 = e11.d(encoded);
            try {
                f01 f2 = oc1.f(g01Var, d2);
                try {
                    byte[] bArr2 = PemPrivateKey.e;
                    int length = bArr2.length + f2.u1();
                    byte[] bArr3 = PemPrivateKey.f;
                    f01 g2 = g01Var.g(length + bArr3.length);
                    try {
                        g2.e2(bArr2);
                        g2.a2(f2);
                        g2.e2(bArr3);
                        yb1 yb1Var = new yb1(g2, true);
                        oc1.i(d2);
                        d2.release();
                        xb1Var = yb1Var;
                    } catch (Throwable th) {
                        oc1.i(g2);
                        g2.release();
                        throw th;
                    }
                } finally {
                    oc1.i(f2);
                    f2.release();
                }
            } catch (Throwable th2) {
                oc1.i(d2);
                d2.release();
                throw th2;
            }
        }
        try {
            return B(g01Var, xb1Var.h());
        } finally {
            xb1Var.release();
        }
    }

    public static long D(g01 g01Var, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        xb1 c2 = PemX509Certificate.c(g01Var, true, x509CertificateArr);
        try {
            return B(g01Var, c2.h());
        } finally {
            c2.release();
        }
    }

    public static cb1 E(ApplicationProtocolConfig applicationProtocolConfig) {
        int ordinal;
        if (applicationProtocolConfig != null && (ordinal = applicationProtocolConfig.b.ordinal()) != 0) {
            if (ordinal != 1 && ordinal != 2 && ordinal != 3) {
                throw new Error();
            }
            int ordinal2 = applicationProtocolConfig.d.ordinal();
            if (ordinal2 != 0 && ordinal2 != 2) {
                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.d + " behavior");
            }
            int ordinal3 = applicationProtocolConfig.c.ordinal();
            if (ordinal3 == 1 || ordinal3 == 2) {
                return new hb1(applicationProtocolConfig);
            }
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c + " behavior");
        }
        return g;
    }

    public static X509TrustManager m(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                qg1 qg1Var = yf1.a;
                if (zf1.g < 7) {
                    return (X509TrustManager) trustManager;
                }
                return wb1.b.a((X509TrustManager) trustManager);
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager r(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static void v(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    public static long w(f01 f01Var) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int u1 = f01Var.u1();
            if (SSL.bioWrite(newMemBIO, bb1.e(f01Var) + f01Var.v1(), u1) == u1) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            f01Var.release();
        }
    }

    public static nb1 y(KeyManagerFactory keyManagerFactory, String str) {
        if (!(keyManagerFactory instanceof vb1)) {
            X509KeyManager r = r(keyManagerFactory.getKeyManagers());
            return keyManagerFactory instanceof eb1 ? new db1(r, str) : new nb1(r, str);
        }
        vb1.a.C0159a c0159a = ((vb1) keyManagerFactory).a.b;
        if (c0159a != null) {
            return new vb1.a.C0159a.C0160a(c0159a.a, c0159a.b, c0159a.c);
        }
        throw new IllegalStateException("engineInit(...) not called yet");
    }

    @Override // defpackage.gc1
    public final boolean d() {
        return this.k == 0;
    }

    @Override // defpackage.gc1
    public final SSLEngine g(g01 g01Var, String str, int i) {
        return x(g01Var, str, i, true);
    }

    @Override // defpackage.nd1
    public final nd1 h() {
        this.m.h();
        return this;
    }

    @Override // defpackage.nd1
    public final nd1 l() {
        this.m.l();
        return this;
    }

    @Override // defpackage.nd1
    public final int o() {
        return this.m.o();
    }

    @Override // defpackage.nd1
    public final boolean release() {
        return this.m.release();
    }

    @Override // defpackage.nd1
    public final nd1 s(Object obj) {
        this.m.s(obj);
        return this;
    }

    @Override // defpackage.nd1
    public final boolean u(int i) {
        return this.m.u(i);
    }

    public SSLEngine x(g01 g01Var, String str, int i, boolean z) {
        return new bc1(this, g01Var, str, i, z, true);
    }

    public abstract sb1 z();
}
