package io.netty.handler.ssl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.StringUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: classes5.dex */
public abstract class OpenSslContext extends SslContext {
    private static final InternalLogger dty = InternalLoggerFactory.bq(OpenSslContext.class);
    private static final List<String> emj;
    private static final AtomicIntegerFieldUpdater<OpenSslContext> emx;
    protected static final int emy = 10;
    private volatile int emA;
    private final List<String> emB;
    private final List<String> emC;
    private final long emD;
    private final long emE;
    private final OpenSslApplicationProtocolNegotiator emF;
    protected final long emG;
    private final long emz;
    private final int mode;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.netty.handler.ssl.OpenSslContext$1, reason: invalid class name */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] emo;
        static final /* synthetic */ int[] emp = new int[ApplicationProtocolConfig.Protocol.values().length];

        static {
            try {
                emp[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                emp[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            emo = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            try {
                emo[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "RC4-SHA");
        emj = Collections.unmodifiableList(arrayList);
        if (dty.isDebugEnabled()) {
            dty.debug("Default cipher suite (OpenSSL): " + arrayList);
        }
        AtomicIntegerFieldUpdater<OpenSslContext> o = PlatformDependent.o((Class<?>) OpenSslContext.class, "aprPoolDestroyed");
        if (o == null) {
            o = AtomicIntegerFieldUpdater.newUpdater(OpenSslContext.class, "emA");
        }
        emx = o;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSslContext(Iterable<String> iterable, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i) throws SSLException {
        this(iterable, b(applicationProtocolConfig, i == 1), j, j2, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSslContext(Iterable<String> iterable, OpenSslApplicationProtocolNegotiator openSslApplicationProtocolNegotiator, long j, long j2, int i) throws SSLException {
        String next;
        this.emB = new ArrayList();
        this.emC = Collections.unmodifiableList(this.emB);
        OpenSsl.aFE();
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.mode = i;
        Iterator<String> it = (iterable == null ? emj : iterable).iterator();
        while (it.hasNext() && (next = it.next()) != null) {
            String vC = CipherSuiteConverter.vC(next);
            if (vC != null) {
                next = vC;
            }
            this.emB.add(next);
        }
        this.emF = (OpenSslApplicationProtocolNegotiator) ObjectUtil.d(openSslApplicationProtocolNegotiator, "apn");
        this.emz = Pool.create(0L);
        try {
            synchronized (OpenSslContext.class) {
                try {
                    try {
                        this.emG = SSLContext.make(this.emz, 28, i);
                        SSLContext.setOptions(this.emG, 4095);
                        SSLContext.setOptions(this.emG, 16777216);
                        SSLContext.setOptions(this.emG, 33554432);
                        SSLContext.setOptions(this.emG, 4194304);
                        SSLContext.setOptions(this.emG, 524288);
                        SSLContext.setOptions(this.emG, 1048576);
                        SSLContext.setOptions(this.emG, 65536);
                        try {
                            try {
                                SSLContext.setCipherSuite(this.emG, CipherSuiteConverter.k(this.emB));
                                List<String> aqe = openSslApplicationProtocolNegotiator.aqe();
                                if (!aqe.isEmpty()) {
                                    StringBuilder sb = new StringBuilder();
                                    Iterator<String> it2 = aqe.iterator();
                                    while (it2.hasNext()) {
                                        sb.append(it2.next());
                                        sb.append(StringUtil.ewJ);
                                    }
                                    sb.setLength(sb.length() - 1);
                                    SSLContext.setNextProtos(this.emG, sb.toString());
                                }
                                if (j > 0) {
                                    this.emD = j;
                                    SSLContext.setSessionCacheSize(this.emG, j);
                                } else {
                                    long sessionCacheSize = SSLContext.setSessionCacheSize(this.emG, 20480L);
                                    this.emD = sessionCacheSize;
                                    SSLContext.setSessionCacheSize(this.emG, sessionCacheSize);
                                }
                                if (j2 > 0) {
                                    this.emE = j2;
                                    SSLContext.setSessionCacheTimeout(this.emG, j2);
                                } else {
                                    long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.emG, 300L);
                                    this.emE = sessionCacheTimeout;
                                    SSLContext.setSessionCacheTimeout(this.emG, sessionCacheTimeout);
                                }
                            } catch (Exception e) {
                                throw new SSLException("failed to set cipher suite: " + this.emB, e);
                            }
                        } catch (SSLException e2) {
                            throw e2;
                        }
                    } catch (Exception e3) {
                        throw new SSLException("failed to create an SSL_CTX", e3);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            aUZ();
            throw th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OpenSslApplicationProtocolNegotiator b(ApplicationProtocolConfig applicationProtocolConfig, boolean z) {
        int i;
        if (applicationProtocolConfig != null && (i = AnonymousClass1.emp[applicationProtocolConfig.aUA().ordinal()]) != 1) {
            if (i != 2) {
                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.aUA() + " protocol");
            }
            if (!z) {
                throw new UnsupportedOperationException("OpenSSL provider does not support client mode");
            }
            if (AnonymousClass1.emo[applicationProtocolConfig.aUC().ordinal()] == 1) {
                return new OpenSslNpnApplicationProtocolNegotiator(applicationProtocolConfig.aUz());
            }
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.aUC() + " behavior");
        }
        return OpenSslDefaultApplicationProtocolNegotiator.emH;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509Certificate[] d(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr[i] = new OpenSslX509Certificate(bArr[i]);
        }
        return x509CertificateArr;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine a(ByteBufAllocator byteBufAllocator, String str, int i) {
        throw new UnsupportedOperationException();
    }

    @Override // io.netty.handler.ssl.SslContext
    public final boolean aUK() {
        return this.mode == 0;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final long aUN() {
        return this.emD;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final long aUO() {
        return this.emE;
    }

    @Override // io.netty.handler.ssl.SslContext
    public ApplicationProtocolNegotiator aUQ() {
        return this.emF;
    }

    @Override // io.netty.handler.ssl.SslContext
    /* renamed from: aUV */
    public abstract OpenSslSessionContext aUM();

    public final long aUX() {
        return this.emG;
    }

    @Deprecated
    public final OpenSslSessionStats aUY() {
        return aUM().aUY();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void aUZ() {
        if (this.emz == 0 || !emx.compareAndSet(this, 0, 1)) {
            return;
        }
        Pool.destroy(this.emz);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final List<String> aqV() {
        return this.emC;
    }

    @Deprecated
    public final void bn(byte[] bArr) {
        aUM().bn(bArr);
    }

    protected final void finalize() throws Throwable {
        super.finalize();
        synchronized (OpenSslContext.class) {
            if (this.emG != 0) {
                SSLContext.free(this.emG);
            }
        }
        aUZ();
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine v(ByteBufAllocator byteBufAllocator) {
        List<String> aqe = aUQ().aqe();
        return aqe.isEmpty() ? new OpenSslEngine(this.emG, byteBufAllocator, null, aUK(), aUM()) : new OpenSslEngine(this.emG, byteBufAllocator, aqe.get(aqe.size() - 1), aUK(), aUM());
    }
}
