package hk;

import hk.x0;
import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.internal.tcnative.SSLPrivateKeyMethod;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import kk.s;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes9.dex */
public abstract class e1 extends m1 implements kk.r {

    /* renamed from: t, reason: collision with root package name */
    public static final Integer f41350t;

    /* renamed from: d, reason: collision with root package name */
    public long f41357d;

    /* renamed from: e, reason: collision with root package name */
    public final List<String> f41358e;

    /* renamed from: f, reason: collision with root package name */
    public final z f41359f;

    /* renamed from: g, reason: collision with root package name */
    public final int f41360g;

    /* renamed from: h, reason: collision with root package name */
    public final s.a f41361h;

    /* renamed from: i, reason: collision with root package name */
    public final a f41362i;
    public final Certificate[] j;

    /* renamed from: k, reason: collision with root package name */
    public final int f41363k;

    /* renamed from: l, reason: collision with root package name */
    public final String[] f41364l;

    /* renamed from: m, reason: collision with root package name */
    public final boolean f41365m;

    /* renamed from: n, reason: collision with root package name */
    public final d f41366n;

    /* renamed from: o, reason: collision with root package name */
    public final ReentrantReadWriteLock f41367o;

    /* renamed from: p, reason: collision with root package name */
    public volatile int f41368p;

    /* renamed from: q, reason: collision with root package name */
    public static final ok.c f41347q = ok.d.b(e1.class.getName());

    /* renamed from: r, reason: collision with root package name */
    public static final int f41348r = Math.max(1, nk.c0.d("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));

    /* renamed from: s, reason: collision with root package name */
    public static final boolean f41349s = nk.c0.c("io.netty.handler.ssl.openssl.useTasks", false);

    /* renamed from: u, reason: collision with root package name */
    public static final kk.s<e1> f41351u = kk.t.f46382b.b(e1.class);

    /* renamed from: v, reason: collision with root package name */
    public static final boolean f41352v = nk.c0.c("jdk.tls.client.enableSessionTicketExtension", false);

    /* renamed from: w, reason: collision with root package name */
    public static final boolean f41353w = nk.c0.c("jdk.tls.client.enableSessionTicketExtension", true);

    /* renamed from: x, reason: collision with root package name */
    public static final boolean f41354x = nk.c0.c("jdk.tls.server.enableSessionTicketExtension", false);

    /* renamed from: y, reason: collision with root package name */
    public static final boolean f41355y = nk.c0.c("jdk.tls.server.enableSessionTicketExtension", true);

    /* renamed from: z, reason: collision with root package name */
    public static final boolean f41356z = nk.c0.c("io.netty.handler.ssl.openssl.sessionCacheServer", true);
    public static final boolean A = nk.c0.c("io.netty.handler.ssl.openssl.sessionCacheClient", false);
    public static final b B = new b();

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes9.dex */
    public class a extends kk.b {
        public a() {
        }

        @Override // kk.b
        public final void b() {
            e1 e1Var = e1.this;
            e1Var.u();
            s.a aVar = e1Var.f41361h;
            if (aVar != null) {
                aVar.b(e1Var);
            }
        }

        @Override // kk.r
        public final kk.r r(Object obj) {
            e1 e1Var = e1.this;
            s.a aVar = e1Var.f41361h;
            if (aVar != null) {
                aVar.e(obj);
            }
            return e1Var;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes9.dex */
    public static class b implements z {
        @Override // hk.c
        public final List<String> a() {
            return Collections.emptyList();
        }

        @Override // hk.z
        public final int c() {
            return 1;
        }

        @Override // hk.z
        public final int d() {
            return 3;
        }

        @Override // hk.z
        public final int f() {
            return 1;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes9.dex */
    public static abstract class c extends CertificateVerifier {
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes9.dex */
    public static final class d implements j0 {

        /* renamed from: a, reason: collision with root package name */
        public final ConcurrentHashMap f41370a;

        public d() {
            ok.c cVar = nk.r.f50314a;
            this.f41370a = new ConcurrentHashMap();
        }

        public final void a(f1 f1Var) {
            long j;
            ConcurrentHashMap concurrentHashMap = this.f41370a;
            synchronized (f1Var) {
                j = f1Var.f41373c;
            }
            concurrentHashMap.put(Long.valueOf(j), f1Var);
        }

        public final f1 b(long j) {
            return (f1) this.f41370a.remove(Long.valueOf(j));
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes9.dex */
    public static final class e implements SSLPrivateKeyMethod {

        /* renamed from: a, reason: collision with root package name */
        public final o0 f41371a;

        public e(o0 o0Var) {
            this.f41371a = o0Var;
        }
    }

    static {
        Integer num = null;
        try {
            String b10 = nk.c0.b("jdk.tls.ephemeralDHKeySize", null);
            if (b10 != null) {
                try {
                    num = Integer.valueOf(b10);
                } catch (NumberFormatException unused) {
                    f41347q.t("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: ".concat(b10));
                }
            }
        } catch (Throwable unused2) {
        }
        f41350t = num;
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public e1(Iterable iterable, hk.e eVar, z zVar, int i10, Certificate[] certificateArr, String[] strArr, boolean z10, Map.Entry... entryArr) throws SSLException {
        super(0);
        o0 o0Var;
        int i11 = 0;
        this.f41362i = new a();
        this.f41366n = new d();
        this.f41367o = new ReentrantReadWriteLock();
        this.f41368p = f41348r;
        y.d();
        if (i10 != 1 && i10 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        boolean z11 = f41349s;
        if (entryArr != null) {
            o0Var = null;
            for (Map.Entry entry : entryArr) {
                o1 o1Var = (o1) entry.getKey();
                if (o1Var == g0.f41419i) {
                    ((Boolean) entry.getValue()).booleanValue();
                } else if (o1Var == g0.f41418h) {
                    z11 = ((Boolean) entry.getValue()).booleanValue();
                } else if (o1Var == g0.j) {
                    o0Var = (o0) entry.getValue();
                } else {
                    f41347q.t("Skipping unsupported " + o1.class.getSimpleName() + ": " + entry.getKey());
                }
            }
        } else {
            o0Var = null;
        }
        this.f41361h = z10 ? f41351u.c(this) : null;
        this.f41360g = i10;
        if (h()) {
            android.support.v4.media.f.e(1, "clientAuth");
        }
        this.f41363k = 1;
        this.f41364l = strArr;
        this.f41365m = false;
        this.j = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        x5.e1.T0(eVar, "cipherFilter");
        List<String> asList = Arrays.asList(eVar.b(iterable, y.f41577c, y.a()));
        this.f41358e = asList;
        x5.e1.T0(zVar, "apn");
        this.f41359f = zVar;
        try {
            boolean g10 = y.g();
            try {
                this.f41357d = SSLContext.make(g10 ? 62 : 30, i10);
                StringBuilder sb2 = new StringBuilder();
                StringBuilder sb3 = new StringBuilder();
                try {
                    try {
                        if (asList.isEmpty()) {
                            SSLContext.setCipherSuite(this.f41357d, "", false);
                            if (g10) {
                                SSLContext.setCipherSuite(this.f41357d, "", true);
                            }
                        } else {
                            hk.d.a(asList, sb2, sb3, y.f());
                            SSLContext.setCipherSuite(this.f41357d, sb2.toString(), false);
                            if (g10) {
                                SSLContext.setCipherSuite(this.f41357d, sb3.toString(), true);
                            }
                        }
                        int options = SSLContext.getOptions(this.f41357d) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET;
                        SSLContext.setOptions(this.f41357d, sb2.length() == 0 ? options | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 | SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2 : options);
                        long j = this.f41357d;
                        SSLContext.setMode(j, SSLContext.getMode(j) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                        Integer num = f41350t;
                        if (num != null) {
                            SSLContext.setTmpDHLength(this.f41357d, num.intValue());
                        }
                        List<String> a10 = zVar.a();
                        if (!a10.isEmpty()) {
                            String[] strArr2 = (String[]) a10.toArray(new String[0]);
                            int b10 = e.a.b(zVar.d());
                            if (b10 != 1) {
                                if (b10 != 2) {
                                    throw new Error();
                                }
                                i11 = 1;
                            }
                            int b11 = e.a.b(zVar.c());
                            if (b11 == 1) {
                                SSLContext.setNpnProtos(this.f41357d, strArr2, i11);
                            } else if (b11 == 2) {
                                SSLContext.setAlpnProtos(this.f41357d, strArr2, i11);
                            } else {
                                if (b11 != 3) {
                                    throw new Error();
                                }
                                SSLContext.setNpnProtos(this.f41357d, strArr2, i11);
                                SSLContext.setAlpnProtos(this.f41357d, strArr2, i11);
                            }
                        }
                        SSLContext.setUseTasks(this.f41357d, z11);
                        if (o0Var != null) {
                            SSLContext.setPrivateKeyMethod(this.f41357d, new e(o0Var));
                        }
                    } catch (Exception e10) {
                        throw new SSLException("failed to set cipher suite: " + this.f41358e, e10);
                    }
                } catch (SSLException e11) {
                    throw e11;
                }
            } catch (Exception e12) {
                throw new SSLException("failed to create an SSL_CTX", e12);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    public static m0 A(KeyManagerFactory keyManagerFactory, String str) {
        if (keyManagerFactory instanceof x0) {
            x0.a.C0549a c0549a = ((x0) keyManagerFactory).f41562a.f41564b;
            if (c0549a != null) {
                return new x0.a.C0549a.C0550a(c0549a.f41565a, c0549a.f41566b, c0549a.f41567c);
            }
            throw new IllegalStateException("engineInit(...) not called yet");
        }
        if (!(keyManagerFactory instanceof c0)) {
            return new m0(s(keyManagerFactory.getKeyManagers()), str);
        }
        c0 c0Var = (c0) keyManagerFactory;
        X509KeyManager s4 = s(c0Var.getKeyManagers());
        return "sun.security.ssl.X509KeyManagerImpl".equals(s4.getClass().getName()) ? new m0(s4, str) : new a0(s(c0Var.getKeyManagers()), str);
    }

    public static void C(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j10;
        long j11;
        long j12 = 0;
        z0 z0Var = null;
        try {
            try {
                xj.b bVar = xj.k.f64445a;
                z0Var = c1.b(bVar, x509CertificateArr);
                j11 = D(bVar, z0Var.e());
                try {
                    long D = D(bVar, z0Var.e());
                    if (privateKey != null) {
                        try {
                            j12 = E(bVar, privateKey);
                        } catch (SSLException e10) {
                            throw e10;
                        } catch (Exception e11) {
                            e = e11;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th2) {
                            th = th2;
                            j10 = D;
                            w(j12);
                            w(j11);
                            w(j10);
                            if (z0Var != null) {
                                z0Var.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, j11, j12, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j, D, true);
                        w(j12);
                        w(j11);
                        w(D);
                        z0Var.release();
                    } catch (SSLException e12) {
                    } catch (Exception e13) {
                        e = e13;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e14) {
                } catch (Exception e15) {
                    e = e15;
                } catch (Throwable th3) {
                    th = th3;
                    j10 = 0;
                }
            } catch (Throwable th4) {
                th = th4;
            }
        } catch (SSLException e16) {
            throw e16;
        } catch (Exception e17) {
            e = e17;
        } catch (Throwable th5) {
            th = th5;
            j10 = 0;
            j11 = 0;
        }
    }

    public static long D(xj.b bVar, z0 z0Var) throws Exception {
        try {
            xj.j t10 = z0Var.t();
            if (t10.O0()) {
                return y(t10.K1());
            }
            xj.j e10 = bVar.e(t10.E1());
            try {
                e10.i2(t10.F1(), t10.E1(), t10);
                long y4 = y(e10.K1());
                try {
                    if (z0Var.f()) {
                        x1.i(e10);
                    }
                    return y4;
                } finally {
                }
            } catch (Throwable th2) {
                try {
                    if (z0Var.f()) {
                        x1.i(e10);
                    }
                    throw th2;
                } finally {
                }
            }
        } finally {
            z0Var.release();
        }
    }

    public static long E(xj.b bVar, PrivateKey privateKey) throws Exception {
        z0 z0Var;
        if (privateKey == null) {
            return 0L;
        }
        byte[] bArr = a1.f41321h;
        if (privateKey instanceof z0) {
            z0Var = ((z0) privateKey).e();
        } else {
            byte[] encoded = privateKey.getEncoded();
            if (encoded == null) {
                throw new IllegalArgumentException(privateKey.getClass().getName().concat(" does not support encoding"));
            }
            xj.j d10 = xj.j0.d(encoded);
            try {
                ok.c cVar = x1.f41569a;
                xj.j f10 = ak.b.f(d10, d10.F1(), d10.E1(), true, dk.a.STANDARD, bVar);
                d10.G1(d10.v2());
                try {
                    byte[] bArr2 = a1.f41321h;
                    int length = bArr2.length + f10.E1();
                    byte[] bArr3 = a1.f41322i;
                    xj.j e10 = bVar.e(length + bArr3.length);
                    try {
                        e10.n2(bArr2);
                        e10.m2(f10);
                        e10.n2(bArr3);
                        b1 b1Var = new b1(e10, true);
                        x1.i(d10);
                        d10.release();
                        z0Var = b1Var;
                    } finally {
                    }
                } finally {
                    x1.i(f10);
                    f10.release();
                }
            } catch (Throwable th2) {
                x1.i(d10);
                d10.release();
                throw th2;
            }
        }
        try {
            return D(bVar, z0Var.e());
        } finally {
            z0Var.release();
        }
    }

    public static long F(xj.b bVar, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        z0 b10 = c1.b(bVar, x509CertificateArr);
        try {
            return D(bVar, b10.e());
        } finally {
            b10.release();
        }
    }

    public static z G(hk.b bVar) {
        int b10;
        b bVar2 = B;
        if (bVar == null || (b10 = e.a.b(bVar.f41325b)) == 0) {
            return bVar2;
        }
        if (b10 != 1 && b10 != 2 && b10 != 3) {
            throw new Error();
        }
        int i10 = bVar.f41327d;
        int b11 = e.a.b(i10);
        if (b11 != 0 && b11 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + android.support.v4.media.a.q(i10) + " behavior");
        }
        int i11 = bVar.f41326c;
        int b12 = e.a.b(i11);
        if (b12 == 1 || b12 == 2) {
            return new h0(bVar);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + a1.b.w(i11) + " behavior");
    }

    public static boolean H(X509TrustManager x509TrustManager) {
        ok.c cVar = nk.r.f50314a;
        return nk.s.f50345h >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    public static X509TrustManager p(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                ok.c cVar = nk.r.f50314a;
                if (nk.s.f50345h < 7) {
                    return (X509TrustManager) trustManager;
                }
                return y0.f41586b.a((X509TrustManager) trustManager);
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager s(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static void w(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    public static long y(xj.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int E1 = jVar.E1();
            if (SSL.bioWrite(newMemBIO, y.i(jVar) + jVar.F1(), E1) == E1) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    @Override // hk.m1
    /* renamed from: B, reason: merged with bridge method [inline-methods] */
    public abstract t0 l();

    @Override // hk.m1
    public final hk.c a() {
        return this.f41359f;
    }

    @Override // kk.r
    public final kk.r e() {
        this.f41362i.e();
        return this;
    }

    @Override // hk.m1
    public final boolean g() {
        return this.f41360g == 0;
    }

    @Override // hk.m1
    public final SSLEngine k(xj.k kVar, String str, int i10) {
        return z(kVar, str, i10);
    }

    @Override // kk.r
    public final int m() {
        return this.f41362i.m();
    }

    @Override // kk.r
    public final kk.r r(Object obj) {
        this.f41362i.r(obj);
        return this;
    }

    @Override // kk.r
    public final boolean release() {
        return this.f41362i.release();
    }

    public final void u() {
        Lock writeLock = this.f41367o.writeLock();
        writeLock.lock();
        try {
            long j = this.f41357d;
            if (j != 0) {
                if (this.f41365m) {
                    SSLContext.disableOcsp(j);
                }
                SSLContext.free(this.f41357d);
                this.f41357d = 0L;
                t0 l10 = l();
                if (l10 != null) {
                    l10.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    public final int x() {
        return this.f41368p;
    }

    public SSLEngine z(xj.k kVar, String str, int i10) {
        return new f1(this, kVar, str, i10, true);
    }
}
