package b.a.d.f;

import b.a.d.f.b;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes.dex */
public abstract class bj extends bs implements b.a.f.am {

    /* renamed from: a, reason: collision with root package name */
    protected static final int f1940a = 10;
    private static final List<String> l;
    private static final Integer m;

    /* renamed from: b, reason: collision with root package name */
    protected volatile long f1941b;

    /* renamed from: c, reason: collision with root package name */
    long f1942c;

    /* renamed from: d, reason: collision with root package name */
    final Certificate[] f1943d;

    /* renamed from: e, reason: collision with root package name */
    final i f1944e;

    /* renamed from: f, reason: collision with root package name */
    final as f1945f;

    /* renamed from: g, reason: collision with root package name */
    volatile boolean f1946g;
    private volatile int o;
    private final List<String> p;
    private final long q;
    private final long r;
    private final am s;
    private final int t;

    /* renamed from: u, reason: collision with root package name */
    private final b.a.f.an f1947u;
    private final b.a.f.b v;
    private static final b.a.f.c.b.f j = b.a.f.c.b.g.a((Class<?>) bj.class);
    private static final boolean k = b.a.f.c.am.a("jdk.tls.rejectClientInitiatedRenegotiation", false);
    private static final b.a.f.ao<bj> n = b.a.f.ap.a().a(bj.class);
    static final am h = new bl();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes.dex */
    public static abstract class a implements CertificateVerifier {

        /* renamed from: a, reason: collision with root package name */
        private final as f1951a;

        /* JADX INFO: Access modifiers changed from: package-private */
        public a(as asVar) {
            this.f1951a = asVar;
        }

        public final int a(long j, byte[][] bArr, String str) {
            X509Certificate[] a2 = bj.a(bArr);
            bn b2 = this.f1951a.b(j);
            try {
                a(b2, a2, str);
                return 0;
            } catch (Throwable th) {
                bj.j.b("verification of certificate failed", th);
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("General OpenSslEngine problem");
                sSLHandshakeException.initCause(th);
                b2.f1961c = sSLHandshakeException;
                if (th instanceof an) {
                    return ((an) th).a();
                }
                if (th instanceof CertificateExpiredException) {
                    return 10;
                }
                if (th instanceof CertificateNotYetValidException) {
                    return 9;
                }
                return (b.a.f.c.u.d() < 7 || !(th instanceof CertificateRevokedException)) ? 1 : 23;
            }
        }

        abstract void a(bn bnVar, X509Certificate[] x509CertificateArr, String str) throws Exception;
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes.dex */
    private static final class b implements as {

        /* renamed from: a, reason: collision with root package name */
        private final Map<Long, bn> f1952a;

        private b() {
            this.f1952a = b.a.f.c.u.n();
        }

        /* synthetic */ b(bk bkVar) {
            this();
        }

        @Override // b.a.d.f.as
        public bn a(long j) {
            return this.f1952a.remove(Long.valueOf(j));
        }

        @Override // b.a.d.f.as
        public void a(bn bnVar) {
            this.f1952a.put(Long.valueOf(bnVar.a()), bnVar);
        }

        @Override // b.a.d.f.as
        public bn b(long j) {
            return this.f1952a.get(Long.valueOf(j));
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA");
        l = Collections.unmodifiableList(arrayList);
        if (j.c()) {
            j.b("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new bm());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    j.b("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        m = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public bj(Iterable<String> iterable, h hVar, am amVar, long j2, long j3, int i, Certificate[] certificateArr, i iVar, boolean z) throws SSLException {
        String next;
        this.v = new bk(this);
        ArrayList arrayList = null;
        this.f1945f = new b(0 == true ? 1 : 0);
        aj.e();
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f1947u = z ? n.a((b.a.f.ao<bj>) this) : null;
        this.t = i;
        this.f1944e = r() ? (i) b.a.f.c.q.a(iVar, "clientAuth") : i.NONE;
        if (i == 1) {
            this.f1946g = k;
        }
        this.f1943d = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                String a2 = g.a(next);
                if (a2 != null) {
                    next = a2;
                }
                arrayList.add(next);
            }
        }
        this.p = Arrays.asList(((h) b.a.f.c.q.a(hVar, "cipherFilter")).a(arrayList, l, aj.g()));
        this.s = (am) b.a.f.c.q.a(amVar, "apn");
        this.f1942c = Pool.create(0L);
        try {
            synchronized (bj.class) {
                try {
                    try {
                        this.f1941b = SSLContext.make(this.f1942c, 31, i);
                        SSLContext.setOptions(this.f1941b, 4095);
                        SSLContext.setOptions(this.f1941b, 16777216);
                        SSLContext.setOptions(this.f1941b, 33554432);
                        SSLContext.setOptions(this.f1941b, 4194304);
                        SSLContext.setOptions(this.f1941b, 524288);
                        SSLContext.setOptions(this.f1941b, 1048576);
                        SSLContext.setOptions(this.f1941b, 65536);
                        SSLContext.setOptions(this.f1941b, 16384);
                        SSLContext.setMode(this.f1941b, SSLContext.getMode(this.f1941b) | 2);
                        if (m != null) {
                            SSLContext.setTmpDHLength(this.f1941b, m.intValue());
                        }
                        try {
                            try {
                                SSLContext.setCipherSuite(this.f1941b, g.a(this.p));
                                List<String> a3 = amVar.a();
                                if (!a3.isEmpty()) {
                                    String[] strArr = (String[]) a3.toArray(new String[a3.size()]);
                                    int a4 = a(amVar.c());
                                    switch (amVar.b()) {
                                        case NPN:
                                            SSLContext.setNpnProtos(this.f1941b, strArr, a4);
                                            break;
                                        case ALPN:
                                            SSLContext.setAlpnProtos(this.f1941b, strArr, a4);
                                            break;
                                        case NPN_AND_ALPN:
                                            SSLContext.setNpnProtos(this.f1941b, strArr, a4);
                                            SSLContext.setAlpnProtos(this.f1941b, strArr, a4);
                                            break;
                                        default:
                                            throw new Error();
                                    }
                                }
                                if (j2 > 0) {
                                    this.q = j2;
                                    SSLContext.setSessionCacheSize(this.f1941b, j2);
                                } else {
                                    long sessionCacheSize = SSLContext.setSessionCacheSize(this.f1941b, 20480L);
                                    this.q = sessionCacheSize;
                                    SSLContext.setSessionCacheSize(this.f1941b, sessionCacheSize);
                                }
                                if (j3 > 0) {
                                    this.r = j3;
                                    SSLContext.setSessionCacheTimeout(this.f1941b, j3);
                                } else {
                                    long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.f1941b, 300L);
                                    this.r = sessionCacheTimeout;
                                    SSLContext.setSessionCacheTimeout(this.f1941b, sessionCacheTimeout);
                                }
                            } catch (SSLException e2) {
                                throw e2;
                            }
                        } catch (Exception e3) {
                            throw new SSLException("failed to set cipher suite: " + this.p, e3);
                        }
                    } catch (Exception e4) {
                        throw new SSLException("failed to create an SSL_CTX", e4);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            Y();
            throw th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public bj(Iterable<String> iterable, h hVar, b.a.d.f.b bVar, long j2, long j3, int i, Certificate[] certificateArr, i iVar, boolean z) throws SSLException {
        this(iterable, hVar, a(bVar), j2, j3, i, certificateArr, iVar, z);
    }

    private static int a(b.c cVar) {
        switch (cVar) {
            case NO_ADVERTISE:
                return 0;
            case CHOOSE_MY_LAST_PROTOCOL:
                return 1;
            default:
                throw new Error();
        }
    }

    private static long a(b.a.b.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int i = jVar.i();
            if (SSL.writeToBIO(newMemBIO, aj.a(jVar) + jVar.d(), i) == i) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.Y();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(b.a.b.k kVar, bd bdVar) throws Exception {
        try {
            b.a.b.j a2 = bdVar.a();
            if (a2.af()) {
                return a(a2.Q());
            }
            b.a.b.j d2 = kVar.d(a2.i());
            try {
                d2.b(a2, a2.d(), a2.i());
                long a3 = a(d2.Q());
                try {
                    if (bdVar.h()) {
                        cg.a(d2);
                    }
                    return a3;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (bdVar.h()) {
                        cg.a(d2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            bdVar.Y();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        b.a.b.k kVar = b.a.b.k.f783b;
        bd a2 = be.a(kVar, true, privateKey);
        try {
            return a(kVar, a2.l());
        } finally {
            a2.Y();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        b.a.b.k kVar = b.a.b.k.f783b;
        bd a2 = bh.a(kVar, true, x509CertificateArr);
        try {
            return a(kVar, a2.l());
        } finally {
            a2.Y();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static am a(b.a.d.f.b bVar) {
        if (bVar == null) {
            return h;
        }
        switch (bVar.b()) {
            case NPN:
            case ALPN:
            case NPN_AND_ALPN:
                switch (bVar.d()) {
                    case CHOOSE_MY_LAST_PROTOCOL:
                    case ACCEPT:
                        switch (bVar.c()) {
                            case NO_ADVERTISE:
                            case CHOOSE_MY_LAST_PROTOCOL:
                                return new aq(bVar);
                            default:
                                throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.c() + " behavior");
                        }
                    default:
                        throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.d() + " behavior");
                }
            case NONE:
                return h;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j2) {
        if (j2 != 0) {
            SSL.freeBIO(j2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:36:0x00cd  */
    /* JADX WARN: Removed duplicated region for block: B:38:? A[SYNTHETIC] */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 3 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void a(long r16, java.security.cert.X509Certificate[] r18, java.security.PrivateKey r19, java.lang.String r20) throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 209
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: b.a.d.f.bj.a(long, java.security.cert.X509Certificate[], java.security.PrivateKey, java.lang.String):void");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509KeyManager x509KeyManager) {
        return b.a.f.c.u.d() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return b.a.f.c.u.d() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    protected static X509Certificate[] a(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr[i] = new bc(bArr[i]);
        }
        return x509CertificateArr;
    }

    @Override // b.a.f.am
    public final int V() {
        return this.v.V();
    }

    @Override // b.a.f.am
    public final boolean Y() {
        return this.v.Y();
    }

    @Override // b.a.f.am
    /* renamed from: Z */
    public final b.a.f.am m() {
        this.v.m();
        return this;
    }

    @Override // b.a.d.f.bs
    public final SSLEngine a(b.a.b.k kVar) {
        return a(kVar, (String) null, -1);
    }

    @Override // b.a.d.f.bs
    public final SSLEngine a(b.a.b.k kVar, String str, int i) {
        return b(kVar, str, i);
    }

    public void a(boolean z) {
        this.f1946g = z;
    }

    @Deprecated
    public final void a(byte[] bArr) {
        f().b(bArr);
    }

    @Override // b.a.d.f.bs
    public final boolean a() {
        return this.t == 0;
    }

    @Override // b.a.f.am
    /* renamed from: aa */
    public final b.a.f.am l() {
        this.v.l();
        return this;
    }

    @Override // b.a.f.am
    public final boolean aa(int i) {
        return this.v.aa(i);
    }

    @Override // b.a.f.am
    /* renamed from: ab */
    public final b.a.f.am b(int i) {
        this.v.b(i);
        return this;
    }

    @Override // b.a.f.am
    /* renamed from: b */
    public final b.a.f.am c(Object obj) {
        this.v.c(obj);
        return this;
    }

    @Override // b.a.d.f.bs
    public final List<String> b() {
        return this.p;
    }

    SSLEngine b(b.a.b.k kVar, String str, int i) {
        return new bn(this, kVar, str, i, true);
    }

    @Override // b.a.d.f.bs
    public final long c() {
        return this.q;
    }

    @Override // b.a.d.f.bs
    public final long d() {
        return this.r;
    }

    @Override // b.a.d.f.bs
    public e e() {
        return this.s;
    }

    @Override // b.a.d.f.bs
    /* renamed from: g */
    public abstract az f();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract av h();

    @Deprecated
    public final long j() {
        return this.f1941b;
    }

    @Deprecated
    public final ba k() {
        return f().b();
    }

    public final long l() {
        return this.f1941b;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void m() {
        synchronized (bj.class) {
            if (this.f1941b != 0) {
                SSLContext.free(this.f1941b);
                this.f1941b = 0L;
            }
            if (this.f1942c != 0) {
                Pool.destroy(this.f1942c);
                this.f1942c = 0L;
            }
        }
    }
}
