package io.grpc.netty.shaded.io.netty.handler.ssl;

import io.grpc.netty.shaded.io.netty.buffer.AbstractC0820l;
import io.grpc.netty.shaded.io.netty.buffer.InterfaceC0821m;
import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSL;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import io.grpc.netty.shaded.io.netty.util.AbstractC0997c;
import io.grpc.netty.shaded.io.netty.util.ResourceLeakDetector;
import io.grpc.netty.shaded.io.netty.util.internal.C1049y;
import io.grpc.netty.shaded.io.netty.util.internal.PlatformDependent;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes4.dex */
public abstract class Ga extends Qa implements io.grpc.netty.shaded.io.netty.util.F {

    /* renamed from: g, reason: collision with root package name */
    private static final Integer f19245g;
    protected long j;
    private final List<String> k;
    private final long l;
    private final long m;
    private final X n;
    private final int o;
    private final io.grpc.netty.shaded.io.netty.util.J<Ga> p;
    private final AbstractC0997c q;
    final Certificate[] r;
    final ClientAuth s;
    final String[] t;
    final boolean u;
    final InterfaceC0955fa v;
    final ReadWriteLock w;
    private volatile int x;

    /* renamed from: d, reason: collision with root package name */
    private static final io.grpc.netty.shaded.io.netty.util.internal.logging.c f19242d = io.grpc.netty.shaded.io.netty.util.internal.logging.d.a((Class<?>) Ga.class);

    /* renamed from: e, reason: collision with root package name */
    private static final int f19243e = Math.max(1, io.grpc.netty.shaded.io.netty.util.internal.fa.a("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));

    /* renamed from: f, reason: collision with root package name */
    static final boolean f19244f = io.grpc.netty.shaded.io.netty.util.internal.fa.a("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.useTasks", false);

    /* renamed from: h, reason: collision with root package name */
    private static final ResourceLeakDetector<Ga> f19246h = io.grpc.netty.shaded.io.netty.util.H.b().a(Ga.class);

    /* renamed from: i, reason: collision with root package name */
    static final X f19247i = new Ea();

    /* loaded from: classes4.dex */
    static abstract class a extends io.grpc.netty.shaded.io.netty.internal.tcnative.b {
        private final InterfaceC0955fa pa;

        /* JADX INFO: Access modifiers changed from: package-private */
        public a(InterfaceC0955fa interfaceC0955fa) {
            this.pa = interfaceC0955fa;
        }
    }

    /* loaded from: classes4.dex */
    private static final class b implements InterfaceC0955fa {

        /* renamed from: a, reason: collision with root package name */
        private final Map<Long, ReferenceCountedOpenSslEngine> f19248a;

        private b() {
            this.f19248a = PlatformDependent.p();
        }

        /* synthetic */ b(Da da) {
            this();
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.InterfaceC0955fa
        public ReferenceCountedOpenSslEngine a(long j) {
            return this.f19248a.remove(Long.valueOf(j));
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.InterfaceC0955fa
        public void a(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            this.f19248a.put(Long.valueOf(referenceCountedOpenSslEngine.g()), referenceCountedOpenSslEngine);
        }
    }

    static {
        Integer num = null;
        try {
            String b2 = io.grpc.netty.shaded.io.netty.util.internal.fa.b("jdk.tls.ephemeralDHKeySize");
            if (b2 != null) {
                try {
                    num = Integer.valueOf(b2);
                } catch (NumberFormatException unused) {
                    f19242d.c("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b2);
                }
            }
        } catch (Throwable unused2) {
        }
        f19245g = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Ga(Iterable<String> iterable, InterfaceC0952e interfaceC0952e, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i2, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        this(iterable, interfaceC0952e, a(applicationProtocolConfig), j, j2, i2, certificateArr, clientAuth, strArr, z, z2, z3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public Ga(Iterable<String> iterable, InterfaceC0952e interfaceC0952e, X x, long j, long j2, int i2, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2, boolean z3) throws SSLException {
        super(z);
        ClientAuth clientAuth2;
        this.q = new Da(this);
        this.v = new b(0 == true ? 1 : 0);
        this.w = new ReentrantReadWriteLock();
        this.x = f19243e;
        W.b();
        if (z2 && !W.f()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i2 != 1 && i2 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.p = z3 ? f19246h.a((ResourceLeakDetector<Ga>) this) : null;
        this.o = i2;
        if (e()) {
            C1049y.a(clientAuth, "clientAuth");
            clientAuth2 = clientAuth;
        } else {
            clientAuth2 = ClientAuth.NONE;
        }
        this.s = clientAuth2;
        this.t = strArr;
        this.u = z2;
        this.r = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        C1049y.a(interfaceC0952e, "cipherFilter");
        this.k = Arrays.asList(interfaceC0952e.a(iterable, W.f19358c, W.a()));
        C1049y.a(x, "apn");
        this.n = x;
        try {
            boolean g2 = W.g();
            try {
                this.j = SSLContext.make(g2 ? 62 : 30, i2);
                StringBuilder sb = new StringBuilder();
                StringBuilder sb2 = new StringBuilder();
                try {
                    try {
                        if (this.k.isEmpty()) {
                            SSLContext.setCipherSuite(this.j, "", false);
                            if (g2) {
                                SSLContext.setCipherSuite(this.j, "", true);
                            }
                        } else {
                            C0950d.a(this.k, sb, sb2, W.e());
                            SSLContext.setCipherSuite(this.j, sb.toString(), false);
                            if (g2) {
                                SSLContext.setCipherSuite(this.j, sb2.toString(), true);
                            }
                        }
                        int options = SSLContext.getOptions(this.j) | SSL.f19472b | SSL.f19473c | SSL.f19471a | SSL.f19479i | SSL.f19478h;
                        SSLContext.setOptions(this.j, sb.length() == 0 ? options | SSL.f19472b | SSL.f19473c | SSL.f19474d | SSL.f19475e | SSL.f19476f : options);
                        SSLContext.setMode(this.j, SSLContext.getMode(this.j) | SSL.r);
                        if (f19245g != null) {
                            SSLContext.setTmpDHLength(this.j, f19245g.intValue());
                        }
                        List<String> a2 = x.a();
                        if (!a2.isEmpty()) {
                            String[] strArr2 = (String[]) a2.toArray(new String[0]);
                            int a3 = a(x.b());
                            int i3 = Fa.f19237a[x.protocol().ordinal()];
                            if (i3 == 1) {
                                SSLContext.setNpnProtos(this.j, strArr2, a3);
                            } else if (i3 == 2) {
                                SSLContext.setAlpnProtos(this.j, strArr2, a3);
                            } else {
                                if (i3 != 3) {
                                    throw new Error();
                                }
                                SSLContext.setNpnProtos(this.j, strArr2, a3);
                                SSLContext.setAlpnProtos(this.j, strArr2, a3);
                            }
                        }
                        long sessionCacheSize = j <= 0 ? SSLContext.setSessionCacheSize(this.j, 20480L) : j;
                        this.l = sessionCacheSize;
                        SSLContext.setSessionCacheSize(this.j, sessionCacheSize);
                        long sessionCacheTimeout = j2 <= 0 ? SSLContext.setSessionCacheTimeout(this.j, 300L) : j2;
                        this.m = sessionCacheTimeout;
                        SSLContext.setSessionCacheTimeout(this.j, sessionCacheTimeout);
                        if (z2) {
                            SSLContext.enableOcsp(this.j, d());
                        }
                        SSLContext.setUseTasks(this.j, f19244f);
                    } catch (SSLException e2) {
                        throw e2;
                    }
                } catch (Exception e3) {
                    throw new SSLException("failed to set cipher suite: " + this.k, e3);
                }
            } catch (Exception e4) {
                throw new SSLException("failed to create an SSL_CTX", e4);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    private static int a(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        int i2 = Fa.f19238b[selectorFailureBehavior.ordinal()];
        if (i2 == 1) {
            return 0;
        }
        if (i2 == 2) {
            return 1;
        }
        throw new Error();
    }

    private static long a(AbstractC0820l abstractC0820l) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int ha = abstractC0820l.ha();
            if (SSL.bioWrite(newMemBIO, W.a(abstractC0820l) + abstractC0820l.ia(), ha) == ha) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            abstractC0820l.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(InterfaceC0821m interfaceC0821m, Aa aa) throws Exception {
        try {
            AbstractC0820l n = aa.n();
            if (n.M()) {
                return a(n.ja());
            }
            AbstractC0820l d2 = interfaceC0821m.d(n.ha());
            try {
                d2.a(n, n.ia(), n.ha());
                long a2 = a(d2.ja());
                try {
                    if (aa.o()) {
                        fb.a(d2);
                    }
                    return a2;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (aa.o()) {
                        fb.a(d2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            aa.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(InterfaceC0821m interfaceC0821m, PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        Aa a2 = PemPrivateKey.a(interfaceC0821m, true, privateKey);
        try {
            return a(interfaceC0821m, a2.j());
        } finally {
            a2.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(InterfaceC0821m interfaceC0821m, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        Aa a2 = PemX509Certificate.a(interfaceC0821m, true, x509CertificateArr);
        try {
            return a(interfaceC0821m, a2.j());
        } finally {
            a2.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X a(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return f19247i;
        }
        int i2 = Fa.f19237a[applicationProtocolConfig.a().ordinal()];
        if (i2 != 1 && i2 != 2 && i2 != 3) {
            if (i2 == 4) {
                return f19247i;
            }
            throw new Error();
        }
        int i3 = Fa.f19239c[applicationProtocolConfig.b().ordinal()];
        if (i3 != 1 && i3 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " behavior");
        }
        int i4 = Fa.f19238b[applicationProtocolConfig.c().ordinal()];
        if (i4 == 1 || i4 == 2) {
            return new C0951da(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static C0963ja a(KeyManagerFactory keyManagerFactory, String str) {
        return keyManagerFactory instanceof C0986va ? ((C0986va) keyManagerFactory).a() : keyManagerFactory instanceof C0945aa ? ((C0945aa) keyManagerFactory).a(str) : new C0963ja(a(keyManagerFactory.getKeyManagers()), str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return PlatformDependent.n() >= 7 ? C0994za.a((X509TrustManager) trustManager) : (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j2;
        long j3;
        long j4 = 0;
        Aa aa = null;
        try {
            try {
                aa = PemX509Certificate.a(InterfaceC0821m.f18206a, true, x509CertificateArr);
                j3 = a(InterfaceC0821m.f18206a, aa.j());
                try {
                    long a2 = a(InterfaceC0821m.f18206a, aa.j());
                    if (privateKey != null) {
                        try {
                            j4 = a(InterfaceC0821m.f18206a, privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, j3, j4, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j, a2, true);
                        a(j4);
                        a(j3);
                        a(a2);
                        if (aa != null) {
                            aa.release();
                        }
                    } catch (SSLException e4) {
                        throw e4;
                    } catch (Exception e5) {
                        e = e5;
                        throw new SSLException("failed to set certificate and key", e);
                    } catch (Throwable th) {
                        th = th;
                        j2 = a2;
                        a(j4);
                        a(j3);
                        a(j2);
                        if (aa != null) {
                            aa.release();
                        }
                        throw th;
                    }
                } catch (SSLException e6) {
                    throw e6;
                } catch (Exception e7) {
                    e = e7;
                } catch (Throwable th2) {
                    th = th2;
                    j2 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e8) {
            throw e8;
        } catch (Exception e9) {
            e = e9;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return PlatformDependent.n() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void h() {
        Lock writeLock = this.w.writeLock();
        writeLock.lock();
        try {
            if (this.j != 0) {
                if (this.u) {
                    SSLContext.disableOcsp(this.j);
                }
                SSLContext.free(this.j);
                this.j = 0L;
                AbstractC0973oa g2 = g();
                if (g2 != null) {
                    g2.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.Qa
    public InterfaceC0946b a() {
        return this.n;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.Qa
    public final SSLEngine a(InterfaceC0821m interfaceC0821m, String str, int i2) {
        return a(interfaceC0821m, str, i2, true);
    }

    SSLEngine a(InterfaceC0821m interfaceC0821m, String str, int i2, boolean z) {
        return new ReferenceCountedOpenSslEngine(this, interfaceC0821m, str, i2, z, true);
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.Qa
    public final boolean d() {
        return this.o == 0;
    }

    public int f() {
        return this.x;
    }

    @Override // io.grpc.netty.shaded.io.netty.util.F
    public final io.grpc.netty.shaded.io.netty.util.F f(Object obj) {
        this.q.f(obj);
        return this;
    }

    public abstract AbstractC0973oa g();

    @Override // io.grpc.netty.shaded.io.netty.util.F
    public final io.grpc.netty.shaded.io.netty.util.F j() {
        this.q.j();
        return this;
    }

    @Override // io.grpc.netty.shaded.io.netty.util.F
    public final int k() {
        return this.q.k();
    }

    @Override // io.grpc.netty.shaded.io.netty.util.F
    public final boolean release() {
        return this.q.release();
    }
}
