package io.grpc.netty.shaded.io.netty.handler.ssl;

import io.grpc.netty.shaded.io.netty.handler.ssl.b;
import io.grpc.netty.shaded.io.netty.internal.tcnative.CertificateVerifier;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSL;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public abstract class z0 extends d1 implements l6.s {
    private static final Integer D;

    /* renamed from: f, reason: collision with root package name */
    protected long f19488f;

    /* renamed from: o, reason: collision with root package name */
    private final List<String> f19489o;

    /* renamed from: p, reason: collision with root package name */
    private final z f19490p;

    /* renamed from: q, reason: collision with root package name */
    private final int f19491q;

    /* renamed from: r, reason: collision with root package name */
    private final l6.w<z0> f19492r;

    /* renamed from: s, reason: collision with root package name */
    private final l6.b f19493s;

    /* renamed from: t, reason: collision with root package name */
    final Certificate[] f19494t;

    /* renamed from: u, reason: collision with root package name */
    final io.grpc.netty.shaded.io.netty.handler.ssl.e f19495u;

    /* renamed from: v, reason: collision with root package name */
    final String[] f19496v;

    /* renamed from: w, reason: collision with root package name */
    final boolean f19497w;

    /* renamed from: x, reason: collision with root package name */
    final f0 f19498x;

    /* renamed from: y, reason: collision with root package name */
    final ReadWriteLock f19499y;

    /* renamed from: z, reason: collision with root package name */
    private volatile int f19500z;
    private static final p6.b A = io.grpc.netty.shaded.io.netty.util.internal.logging.c.b(z0.class);
    private static final int B = ((Integer) AccessController.doPrivileged(new a())).intValue();
    private static final boolean C = o6.a0.d("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.useTasks", false);
    private static final l6.t<z0> E = l6.u.b().c(z0.class);
    static final z F = new c();

    /* loaded from: classes2.dex */
    static class a implements PrivilegedAction<Integer> {
        a() {
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Integer run() {
            return Integer.valueOf(Math.max(1, o6.a0.e("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048)));
        }
    }

    /* loaded from: classes2.dex */
    class b extends l6.b {
        b() {
        }

        @Override // l6.b
        protected void a() {
            z0.this.B();
            if (z0.this.f19492r != null) {
                z0.this.f19492r.a(z0.this);
            }
        }

        @Override // l6.s
        public l6.s j(Object obj) {
            if (z0.this.f19492r != null) {
                z0.this.f19492r.c(obj);
            }
            return z0.this;
        }
    }

    /* loaded from: classes2.dex */
    static class c implements z {
        c() {
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.z
        public b.a a() {
            return b.a.NONE;
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.z
        public b.c b() {
            return b.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // j6.a
        public List<String> c() {
            return Collections.emptyList();
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.z
        public b.EnumC0156b g() {
            return b.EnumC0156b.ACCEPT;
        }
    }

    /* loaded from: classes2.dex */
    static class d implements PrivilegedAction<String> {
        d() {
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public String run() {
            return o6.a0.b("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class e {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f19502a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f19503b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f19504c;

        static {
            int[] iArr = new int[b.EnumC0156b.values().length];
            f19504c = iArr;
            try {
                iArr[b.EnumC0156b.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f19504c[b.EnumC0156b.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[b.c.values().length];
            f19503b = iArr2;
            try {
                iArr2[b.c.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f19503b[b.c.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[b.a.values().length];
            f19502a = iArr3;
            try {
                iArr3[b.a.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f19502a[b.a.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f19502a[b.a.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f19502a[b.a.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes2.dex */
    static abstract class f extends CertificateVerifier {
        /* JADX INFO: Access modifiers changed from: package-private */
        public f(f0 f0Var) {
        }
    }

    /* loaded from: classes2.dex */
    private static final class g implements f0 {

        /* renamed from: a, reason: collision with root package name */
        private final Map<Long, a1> f19505a;

        private g() {
            this.f19505a = o6.r.e0();
        }

        /* synthetic */ g(a aVar) {
            this();
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.f0
        public void a(a1 a1Var) {
            this.f19505a.put(Long.valueOf(a1Var.k0()), a1Var);
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.f0
        public a1 b(long j9) {
            return this.f19505a.remove(Long.valueOf(j9));
        }
    }

    static {
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new d());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    A.b("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        D = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public z0(Iterable<String> iterable, j6.b bVar, io.grpc.netty.shaded.io.netty.handler.ssl.b bVar2, long j9, long j10, int i9, Certificate[] certificateArr, io.grpc.netty.shaded.io.netty.handler.ssl.e eVar, String[] strArr, boolean z9, boolean z10, boolean z11) {
        this(iterable, bVar, P(bVar2), j9, j10, i9, certificateArr, eVar, strArr, z9, z10, z11);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public z0(Iterable<String> iterable, j6.b bVar, z zVar, long j9, long j10, int i9, Certificate[] certificateArr, io.grpc.netty.shaded.io.netty.handler.ssl.e eVar, String[] strArr, boolean z9, boolean z10, boolean z11) {
        super(z9);
        long j11;
        this.f19493s = new b();
        this.f19498x = new g(0 == true ? 1 : 0);
        this.f19499y = new ReentrantReadWriteLock();
        this.f19500z = B;
        y.d();
        if (z10 && !y.j()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i9 != 1 && i9 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f19492r = z11 ? E.k(this) : null;
        this.f19491q = i9;
        this.f19495u = m() ? (io.grpc.netty.shaded.io.netty.handler.ssl.e) o6.p.a(eVar, "clientAuth") : io.grpc.netty.shaded.io.netty.handler.ssl.e.NONE;
        this.f19496v = strArr;
        this.f19497w = z10;
        this.f19494t = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        List<String> asList = Arrays.asList(((j6.b) o6.p.a(bVar, "cipherFilter")).a(iterable, y.f19479c, y.a()));
        this.f19489o = asList;
        this.f19490p = (z) o6.p.a(zVar, "apn");
        try {
            try {
                this.f19488f = SSLContext.make(y.k() ? 62 : 30, i9);
                boolean k9 = y.k();
                StringBuilder sb = new StringBuilder();
                StringBuilder sb2 = new StringBuilder();
                try {
                    if (asList.isEmpty()) {
                        SSLContext.setCipherSuite(this.f19488f, "", false);
                        if (k9) {
                            SSLContext.setCipherSuite(this.f19488f, "", true);
                        }
                    } else {
                        io.grpc.netty.shaded.io.netty.handler.ssl.d.c(asList, sb, sb2, y.h());
                        SSLContext.setCipherSuite(this.f19488f, sb.toString(), false);
                        if (k9) {
                            SSLContext.setCipherSuite(this.f19488f, sb2.toString(), true);
                        }
                    }
                    int options = SSLContext.getOptions(this.f19488f);
                    int i10 = SSL.f19549b;
                    int i11 = SSL.f19550c;
                    int i12 = options | i10 | i11 | SSL.f19554g | SSL.f19548a | SSL.f19556i | SSL.f19555h;
                    SSLContext.setOptions(this.f19488f, sb.length() == 0 ? i12 | i10 | i11 | SSL.f19551d | SSL.f19552e | SSL.f19553f : i12);
                    long j12 = this.f19488f;
                    SSLContext.setMode(j12, SSLContext.getMode(j12) | SSL.f19558k);
                    Integer num = D;
                    if (num != null) {
                        SSLContext.setTmpDHLength(this.f19488f, num.intValue());
                    }
                    List<String> c10 = zVar.c();
                    if (!c10.isEmpty()) {
                        String[] strArr2 = (String[]) c10.toArray(new String[0]);
                        int I = I(zVar.b());
                        int i13 = e.f19502a[zVar.a().ordinal()];
                        if (i13 != 1) {
                            if (i13 == 2) {
                                j11 = this.f19488f;
                            } else {
                                if (i13 != 3) {
                                    throw new Error();
                                }
                                SSLContext.setNpnProtos(this.f19488f, strArr2, I);
                                j11 = this.f19488f;
                            }
                            SSLContext.setAlpnProtos(j11, strArr2, I);
                        } else {
                            SSLContext.setNpnProtos(this.f19488f, strArr2, I);
                        }
                    }
                    SSLContext.setSessionCacheSize(this.f19488f, j9 <= 0 ? SSLContext.setSessionCacheSize(this.f19488f, 20480L) : j9);
                    SSLContext.setSessionCacheTimeout(this.f19488f, j10 <= 0 ? SSLContext.setSessionCacheTimeout(this.f19488f, 300L) : j10);
                    if (z10) {
                        SSLContext.enableOcsp(this.f19488f, k());
                    }
                    SSLContext.setUseTasks(this.f19488f, C);
                } catch (SSLException e10) {
                    throw e10;
                } catch (Exception e11) {
                    throw new SSLException("failed to set cipher suite: " + this.f19489o, e11);
                }
            } catch (Exception e12) {
                throw new SSLException("failed to create an SSL_CTX", e12);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager A(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void B() {
        Lock writeLock = this.f19499y.writeLock();
        writeLock.lock();
        try {
            long j9 = this.f19488f;
            if (j9 != 0) {
                if (this.f19497w) {
                    SSLContext.disableOcsp(j9);
                }
                SSLContext.free(this.f19488f);
                this.f19488f = 0L;
                o0 K = K();
                if (K != null) {
                    K.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void D(long j9) {
        if (j9 != 0) {
            SSL.freeBIO(j9);
        }
    }

    private static long F(y5.j jVar) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int c22 = jVar.c2();
            if (SSL.bioWrite(newMemBIO, y.m(jVar) + jVar.d2(), c22) == c22) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    private static int I(b.c cVar) {
        int i9 = e.f19503b[cVar.ordinal()];
        if (i9 == 1) {
            return 0;
        }
        if (i9 == 2) {
            return 1;
        }
        throw new Error();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static j0 J(KeyManagerFactory keyManagerFactory, String str) {
        if (keyManagerFactory instanceof s0) {
            return ((s0) keyManagerFactory).c();
        }
        X509KeyManager A2 = A(keyManagerFactory.getKeyManagers());
        return keyManagerFactory instanceof j6.e ? new a0(A2, str) : new j0(A2, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void L(long j9, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) {
        long j10;
        long j11;
        long M;
        long j12 = 0;
        u0 u0Var = null;
        try {
            try {
                y5.k kVar = y5.k.f24289a;
                u0Var = x0.e(kVar, true, x509CertificateArr);
                j11 = M(kVar, u0Var.c());
                try {
                    M = M(kVar, u0Var.c());
                    if (privateKey != null) {
                        try {
                            j12 = N(kVar, privateKey);
                        } catch (SSLException e10) {
                            throw e10;
                        } catch (Exception e11) {
                            e = e11;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                } catch (SSLException e12) {
                    throw e12;
                } catch (Exception e13) {
                    e = e13;
                } catch (Throwable th) {
                    th = th;
                    j10 = 0;
                }
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (SSLException e14) {
            throw e14;
        } catch (Exception e15) {
            e = e15;
        } catch (Throwable th3) {
            th = th3;
            j10 = 0;
            j11 = 0;
        }
        try {
            SSLContext.setCertificateBio(j9, j11, j12, str == null ? "" : str);
            SSLContext.setCertificateChainBio(j9, M, true);
            D(j12);
            D(j11);
            D(M);
            u0Var.release();
        } catch (SSLException e16) {
        } catch (Exception e17) {
            e = e17;
            throw new SSLException("failed to set certificate and key", e);
        } catch (Throwable th4) {
            th = th4;
            j10 = M;
            D(j12);
            D(j11);
            D(j10);
            if (u0Var != null) {
                u0Var.release();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long M(y5.k kVar, u0 u0Var) {
        try {
            y5.j n9 = u0Var.n();
            if (n9.z1()) {
                return F(n9.h2());
            }
            y5.j e10 = kVar.e(n9.c2());
            try {
                e10.K2(n9, n9.d2(), n9.c2());
                long F2 = F(e10.h2());
                try {
                    if (u0Var.H()) {
                        i1.q(e10);
                    }
                    return F2;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (u0Var.H()) {
                        i1.q(e10);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            u0Var.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long N(y5.k kVar, PrivateKey privateKey) {
        if (privateKey == null) {
            return 0L;
        }
        u0 m9 = v0.m(kVar, true, privateKey);
        try {
            return M(kVar, m9.c());
        } finally {
            m9.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long O(y5.k kVar, X509Certificate... x509CertificateArr) {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        u0 e10 = x0.e(kVar, true, x509CertificateArr);
        try {
            return M(kVar, e10.c());
        } finally {
            e10.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static z P(io.grpc.netty.shaded.io.netty.handler.ssl.b bVar) {
        if (bVar == null) {
            return F;
        }
        int i9 = e.f19502a[bVar.a().ordinal()];
        if (i9 != 1 && i9 != 2 && i9 != 3) {
            if (i9 == 4) {
                return F;
            }
            throw new Error();
        }
        int i10 = e.f19504c[bVar.b().ordinal()];
        if (i10 != 1 && i10 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.b() + " behavior");
        }
        int i11 = e.f19503b[bVar.c().ordinal()];
        if (i11 == 1 || i11 == 2) {
            return new d0(bVar);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean Q(X509TrustManager x509TrustManager) {
        return o6.r.a0() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager z(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return t0.c((X509TrustManager) trustManager);
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public int E() {
        return this.f19500z;
    }

    SSLEngine G(y5.k kVar, String str, int i9, boolean z9) {
        return new a1(this, kVar, str, i9, z9, true);
    }

    public abstract o0 K();

    @Override // l6.s
    public final l6.s c() {
        this.f19493s.c();
        return this;
    }

    @Override // l6.s
    public final l6.s j(Object obj) {
        this.f19493s.j(obj);
        return this;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.d1
    public final boolean k() {
        return this.f19491q == 0;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.d1
    public final SSLEngine r(y5.k kVar, String str, int i9) {
        return G(kVar, str, i9, true);
    }

    @Override // l6.s
    public final boolean release() {
        return this.f19493s.release();
    }

    public j6.a x() {
        return this.f19490p;
    }

    @Override // l6.s
    public final int y() {
        return this.f19493s.y();
    }
}
