package io.grpc.netty.shaded.io.netty.handler.ssl;

import io.grpc.netty.shaded.io.netty.handler.ssl.b1;
import io.grpc.netty.shaded.io.netty.internal.tcnative.CertificateCallback;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes4.dex */
public final class a1 extends b1 {
    private static final boolean H;
    private final p0 G;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static final class a extends b1.d {
        a(g0 g0Var, X509ExtendedTrustManager x509ExtendedTrustManager) {
            super(g0Var);
            r0.a(x509ExtendedTrustManager);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static final class b implements CertificateCallback {
        b(g0 g0Var, j0 j0Var) {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public static final class c extends p0 {
        c(b1 b1Var, k0 k0Var) {
            super(b1Var, k0Var);
        }

        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionCacheSize() {
            return 0;
        }

        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionTimeout() {
            return 0;
        }

        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionCacheSize(int i10) {
            if (i10 < 0) {
                throw new IllegalArgumentException();
            }
        }

        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionTimeout(int i10) {
            if (i10 < 0) {
                throw new IllegalArgumentException();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static final class d extends b1.d {
        d(g0 g0Var, X509TrustManager x509TrustManager) {
            super(g0Var);
        }
    }

    static {
        tf.c.b(a1.class);
        Collections.unmodifiableSet(new LinkedHashSet(Arrays.asList("RSA", "DH_RSA", "EC", "EC_RSA", "EC_EC")));
        H = sf.p.d("jdk.tls.client.enableSessionTicketExtension", false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public a1(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, of.b bVar, io.grpc.netty.shaded.io.netty.handler.ssl.b bVar2, String[] strArr, long j10, long j11, boolean z10, String str2) throws SSLException {
        super(iterable, bVar, bVar2, j10, j11, 0, (Certificate[]) x509CertificateArr2, e.NONE, strArr, false, z10, true);
        try {
            this.G = Y(this, this.f29033n, this.f29043x, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, str2);
        } catch (Throwable th2) {
            a();
            throw th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static p0 Y(b1 b1Var, long j10, g0 g0Var, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, String str2) throws SSLException {
        k0 Q;
        if ((privateKey == null && x509CertificateArr2 != null) || (privateKey != null && x509CertificateArr2 == null)) {
            throw new IllegalArgumentException("Either both keyCertChain and key needs to be null or none of them");
        }
        k0 k0Var = null;
        try {
            try {
                if (y.q()) {
                    if (keyManagerFactory != null || x509CertificateArr2 == null) {
                        Q = keyManagerFactory != null ? b1.Q(keyManagerFactory, str) : null;
                    } else {
                        char[] u10 = f1.u(str);
                        KeyStore g10 = f1.g(x509CertificateArr2, privateKey, u10, str2);
                        KeyManagerFactory t0Var = g10.aliases().hasMoreElements() ? new t0() : new b0(KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()));
                        t0Var.init(g10, u10);
                        Q = b1.Q(t0Var, str);
                    }
                    if (Q != null) {
                        try {
                            try {
                                SSLContext.setCertificateCallback(j10, new b(g0Var, new j0(Q)));
                            } catch (Throwable th2) {
                                th = th2;
                                k0Var = Q;
                                if (k0Var != null) {
                                    k0Var.b();
                                }
                                throw th;
                            }
                        } catch (Exception e10) {
                            e = e10;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                } else {
                    if (keyManagerFactory != null) {
                        throw new IllegalArgumentException("KeyManagerFactory not supported");
                    }
                    if (x509CertificateArr2 != null) {
                        b1.S(j10, x509CertificateArr2, privateKey, str);
                    }
                    Q = null;
                }
                SSLContext.setVerify(j10, 1, 10);
                try {
                    if (x509CertificateArr != null) {
                        trustManagerFactory = f1.i(x509CertificateArr, trustManagerFactory, str2);
                    } else if (trustManagerFactory == null) {
                        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init((KeyStore) null);
                    }
                    Z(j10, g0Var, b1.F(trustManagerFactory.getTrustManagers()));
                    c cVar = new c(b1Var, Q);
                    if (H) {
                        cVar.b(new of.e[0]);
                    }
                    return cVar;
                } catch (Exception e11) {
                    if (Q != null) {
                        Q.b();
                    }
                    throw new SSLException("unable to setup trustmanager", e11);
                }
            } catch (Exception e12) {
                e = e12;
            }
        } catch (Throwable th3) {
            th = th3;
        }
    }

    private static void Z(long j10, g0 g0Var, X509TrustManager x509TrustManager) {
        if (b1.X(x509TrustManager)) {
            SSLContext.setCertVerifyCallback(j10, new a(g0Var, (X509ExtendedTrustManager) x509TrustManager));
        } else {
            SSLContext.setCertVerifyCallback(j10, new d(g0Var, x509TrustManager));
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.b1
    public p0 R() {
        return this.G;
    }
}
