package io.grpc.netty.shaded.io.netty.handler.ssl;

import a8.i0;
import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import io.grpc.netty.shaded.io.netty.internal.tcnative.CertificateVerifier;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSL;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import io.grpc.netty.shaded.io.netty.util.ResourceLeakDetector;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import m8.c0;
import m8.f0;
import m8.g0;
import m8.h0;
import m8.t;
import m8.u0;
import m8.x;
import p8.r;
import p8.s;
import p8.u;
import s8.a0;

/* loaded from: classes5.dex */
public abstract class n extends q implements r {

    /* renamed from: t, reason: collision with root package name */
    public static final Integer f31049t;

    /* renamed from: d, reason: collision with root package name */
    public long f31052d;

    /* renamed from: e, reason: collision with root package name */
    public final List<String> f31053e;

    /* renamed from: f, reason: collision with root package name */
    public final k f31054f;

    /* renamed from: g, reason: collision with root package name */
    public final int f31055g;

    /* renamed from: h, reason: collision with root package name */
    public final u<n> f31056h;

    /* renamed from: i, reason: collision with root package name */
    public final a f31057i;

    /* renamed from: j, reason: collision with root package name */
    public final Certificate[] f31058j;

    /* renamed from: k, reason: collision with root package name */
    public final ClientAuth f31059k;

    /* renamed from: l, reason: collision with root package name */
    public final String[] f31060l;

    /* renamed from: m, reason: collision with root package name */
    public final boolean f31061m;

    /* renamed from: n, reason: collision with root package name */
    public final e f31062n;

    /* renamed from: o, reason: collision with root package name */
    public final ReentrantReadWriteLock f31063o;

    /* renamed from: p, reason: collision with root package name */
    public volatile int f31064p;

    /* renamed from: q, reason: collision with root package name */
    public static final t8.b f31046q = t8.c.d(n.class.getName());

    /* renamed from: r, reason: collision with root package name */
    public static final int f31047r = Math.max(1, a0.d("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));

    /* renamed from: s, reason: collision with root package name */
    public static final boolean f31048s = a0.c("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.useTasks", false);

    /* renamed from: u, reason: collision with root package name */
    public static final ResourceLeakDetector<n> f31050u = s.f34847b.a(n.class);

    /* renamed from: v, reason: collision with root package name */
    public static final b f31051v = new b();

    /* loaded from: classes5.dex */
    public class a extends p8.b {
        public a() {
        }

        @Override // p8.b
        public final void b() {
            x xVar;
            n nVar = n.this;
            Lock writeLock = nVar.f31063o.writeLock();
            writeLock.lock();
            try {
                long j10 = nVar.f31052d;
                if (j10 != 0) {
                    if (nVar.f31061m) {
                        SSLContext.disableOcsp(j10);
                    }
                    SSLContext.free(nVar.f31052d);
                    nVar.f31052d = 0L;
                    c0 q10 = nVar.q();
                    if (q10 != null && (xVar = q10.f33172a) != null) {
                        xVar.b();
                    }
                }
                writeLock.unlock();
                n nVar2 = n.this;
                u<n> uVar = nVar2.f31056h;
                if (uVar != null) {
                    uVar.b(nVar2);
                }
            } catch (Throwable th) {
                writeLock.unlock();
                throw th;
            }
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.grpc.netty.shaded.io.netty.util.ResourceLeakDetector$a, p8.u<io.grpc.netty.shaded.io.netty.handler.ssl.n>] */
        @Override // p8.r
        public final r touch(Object obj) {
            ?? r02 = n.this.f31056h;
            if (r02 != 0) {
                r02.d(obj);
            }
            return n.this;
        }
    }

    /* loaded from: classes5.dex */
    public static class b implements k {
        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.k
        public final ApplicationProtocolConfig.SelectorFailureBehavior a() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // m8.b
        public final List<String> b() {
            return Collections.emptyList();
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.k
        public final ApplicationProtocolConfig.SelectedListenerFailureBehavior d() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.k
        public final ApplicationProtocolConfig.Protocol protocol() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }
    }

    /* loaded from: classes5.dex */
    public static /* synthetic */ class c {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f31066a;

        /* renamed from: b, reason: collision with root package name */
        public static final /* synthetic */ int[] f31067b;

        /* renamed from: c, reason: collision with root package name */
        public static final /* synthetic */ int[] f31068c;

        static {
            int[] iArr = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            f31068c = iArr;
            try {
                iArr[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f31068c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            f31067b = iArr2;
            try {
                iArr2[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f31067b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[ApplicationProtocolConfig.Protocol.values().length];
            f31066a = iArr3;
            try {
                iArr3[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f31066a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f31066a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f31066a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes5.dex */
    public static abstract class d extends CertificateVerifier {
    }

    /* loaded from: classes5.dex */
    public static final class e implements t {

        /* renamed from: a, reason: collision with root package name */
        public final Map<Long, o> f31069a;

        public e() {
            t8.b bVar = s8.p.f36163a;
            this.f31069a = new ConcurrentHashMap();
        }
    }

    static {
        Integer num = null;
        try {
            String b10 = a0.b("jdk.tls.ephemeralDHKeySize", null);
            if (b10 != null) {
                try {
                    num = Integer.valueOf(b10);
                } catch (NumberFormatException unused) {
                    f31046q.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b10);
                }
            }
        } catch (Throwable unused2) {
        }
        f31049t = num;
    }

    public n(Iterable iterable, m8.d dVar, ApplicationProtocolConfig applicationProtocolConfig, ClientAuth clientAuth, boolean z10) throws SSLException {
        this(iterable, dVar, u(applicationProtocolConfig), 0, clientAuth, z10);
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public n(Iterable iterable, m8.d dVar, k kVar, int i2, ClientAuth clientAuth, boolean z10) throws SSLException {
        super(false);
        int i10 = 0;
        this.f31057i = new a();
        this.f31062n = new e();
        this.f31063o = new ReentrantReadWriteLock();
        this.f31064p = f31047r;
        Throwable th = m8.m.f33219b;
        if (th != null) {
            throw ((Error) new UnsatisfiedLinkError("failed to load the required native library").initCause(th));
        }
        if (i2 != 1 && i2 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f31056h = (ResourceLeakDetector.a) (z10 ? f31050u.c(this) : null);
        this.f31055g = i2;
        if (e()) {
            Objects.requireNonNull(clientAuth, "clientAuth");
        } else {
            clientAuth = ClientAuth.NONE;
        }
        this.f31059k = clientAuth;
        this.f31060l = null;
        this.f31061m = false;
        this.f31058j = null;
        Objects.requireNonNull(dVar, "cipherFilter");
        List<String> asList = Arrays.asList(dVar.a(iterable, m8.m.f33220c, m8.m.f33223f));
        this.f31053e = asList;
        Objects.requireNonNull(kVar, "apn");
        this.f31054f = kVar;
        try {
            try {
                boolean z11 = m8.m.f33226i;
                this.f31052d = SSLContext.make(z11 ? 62 : 30, i2);
                StringBuilder sb2 = new StringBuilder();
                StringBuilder sb3 = new StringBuilder();
                try {
                    if (asList.isEmpty()) {
                        SSLContext.setCipherSuite(this.f31052d, "", false);
                        if (z11) {
                            SSLContext.setCipherSuite(this.f31052d, "", true);
                        }
                    } else {
                        m8.c.a(asList, sb2, sb3, m8.m.f33227j);
                        SSLContext.setCipherSuite(this.f31052d, sb2.toString(), false);
                        if (z11) {
                            SSLContext.setCipherSuite(this.f31052d, sb3.toString(), true);
                        }
                    }
                    int options = SSLContext.getOptions(this.f31052d);
                    int i11 = SSL.f31121b;
                    int i12 = SSL.f31122c;
                    int i13 = options | i11 | i12 | SSL.f31126g | SSL.f31120a | SSL.f31128i | SSL.f31127h;
                    SSLContext.setOptions(this.f31052d, sb2.length() == 0 ? i13 | i11 | i12 | SSL.f31123d | SSL.f31124e | SSL.f31125f : i13);
                    long j10 = this.f31052d;
                    SSLContext.setMode(j10, SSLContext.getMode(j10) | SSL.f31130k);
                    Integer num = f31049t;
                    if (num != null) {
                        SSLContext.setTmpDHLength(this.f31052d, num.intValue());
                    }
                    List<String> b10 = kVar.b();
                    if (!b10.isEmpty()) {
                        String[] strArr = (String[]) b10.toArray(new String[0]);
                        int i14 = c.f31067b[kVar.a().ordinal()];
                        if (i14 != 1) {
                            if (i14 != 2) {
                                throw new Error();
                            }
                            i10 = 1;
                        }
                        int i15 = c.f31066a[kVar.protocol().ordinal()];
                        if (i15 == 1) {
                            SSLContext.setNpnProtos(this.f31052d, strArr, i10);
                        } else if (i15 == 2) {
                            SSLContext.setAlpnProtos(this.f31052d, strArr, i10);
                        } else {
                            if (i15 != 3) {
                                throw new Error();
                            }
                            SSLContext.setNpnProtos(this.f31052d, strArr, i10);
                            SSLContext.setAlpnProtos(this.f31052d, strArr, i10);
                        }
                    }
                    SSLContext.setSessionCacheSize(this.f31052d, SSLContext.setSessionCacheSize(this.f31052d, 20480L));
                    SSLContext.setSessionCacheTimeout(this.f31052d, SSLContext.setSessionCacheTimeout(this.f31052d, 300L));
                    SSLContext.setUseTasks(this.f31052d, f31048s);
                } catch (SSLException e10) {
                    throw e10;
                } catch (Exception e11) {
                    throw new SSLException("failed to set cipher suite: " + this.f31053e, e11);
                }
            } catch (Exception e12) {
                throw new SSLException("failed to create an SSL_CTX", e12);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    public static X509TrustManager k(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                t8.b bVar = s8.p.f36163a;
                if (s8.q.f36196g < 7) {
                    return (X509TrustManager) trustManager;
                }
                return g0.f33199b.a((X509TrustManager) trustManager);
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager l(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static void m(long j10) {
        if (j10 != 0) {
            SSL.freeBIO(j10);
        }
    }

    public static long n(a8.j jVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int e12 = jVar.e1();
            if (SSL.bioWrite(newMemBIO, m8.m.d(jVar) + jVar.f1(), e12) == e12) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    public static x p(KeyManagerFactory keyManagerFactory) {
        if (keyManagerFactory instanceof f0) {
            f0.a.C0394a c0394a = ((f0) keyManagerFactory).f33189a.f33191b;
            if (c0394a != null) {
                return new f0.a.C0394a.C0395a(c0394a.f33192a, c0394a.f33193b, c0394a.f33194c);
            }
            throw new IllegalStateException("engineInit(...) not called yet");
        }
        if (!(keyManagerFactory instanceof m8.p)) {
            return new x(l(keyManagerFactory.getKeyManagers()), null);
        }
        m8.p pVar = (m8.p) keyManagerFactory;
        X509KeyManager l10 = l(pVar.getKeyManagers());
        return "sun.security.ssl.X509KeyManagerImpl".equals(l10.getClass().getName()) ? new x(l10, null) : new m8.n(l(pVar.getKeyManagers()));
    }

    public static long r(a8.k kVar, PrivateKey privateKey) throws Exception {
        h0 h0Var;
        if (privateKey == null) {
            return 0L;
        }
        byte[] bArr = PemPrivateKey.f30978h;
        if (privateKey instanceof h0) {
            h0Var = ((h0) privateKey).retain();
        } else {
            byte[] encoded = privateKey.getEncoded();
            if (encoded == null) {
                throw new IllegalArgumentException(privateKey.getClass().getName() + " does not support encoding");
            }
            a8.j d10 = i0.d(encoded);
            try {
                a8.j f10 = u0.f(kVar, d10);
                try {
                    byte[] bArr2 = PemPrivateKey.f30978h;
                    int length = bArr2.length + f10.e1();
                    byte[] bArr3 = PemPrivateKey.f30979i;
                    a8.j h10 = kVar.h(length + bArr3.length);
                    try {
                        h10.P1(bArr2);
                        h10.L1(f10);
                        h10.P1(bArr3);
                        m8.i0 i0Var = new m8.i0(h10, true);
                        u0.i(f10);
                        f10.release();
                        u0.i(d10);
                        d10.release();
                        h0Var = i0Var;
                    } catch (Throwable th) {
                        u0.j(h10);
                        throw th;
                    }
                } catch (Throwable th2) {
                    u0.j(f10);
                    throw th2;
                }
            } catch (Throwable th3) {
                u0.j(d10);
                throw th3;
            }
        }
        try {
            return s(kVar, h0Var.retain());
        } finally {
            h0Var.release();
        }
    }

    public static long s(a8.k kVar, h0 h0Var) throws Exception {
        try {
            a8.j content = h0Var.content();
            if (content.z0()) {
                return n(content.k1());
            }
            a8.j h10 = kVar.h(content.e1());
            try {
                h10.N1(content, content.f1(), content.e1());
                long n8 = n(h10.k1());
                try {
                    if (h0Var.isSensitive()) {
                        u0.i(h10);
                    }
                    return n8;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (h0Var.isSensitive()) {
                        u0.i(h10);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            h0Var.release();
        }
    }

    public static long t(a8.k kVar, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        h0 b10 = PemX509Certificate.b(kVar, x509CertificateArr);
        try {
            return s(kVar, b10.retain());
        } finally {
            b10.release();
        }
    }

    public static k u(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return f31051v;
        }
        int i2 = c.f31066a[applicationProtocolConfig.f30970b.ordinal()];
        if (i2 != 1 && i2 != 2 && i2 != 3) {
            if (i2 == 4) {
                return f31051v;
            }
            throw new Error();
        }
        int i10 = c.f31068c[applicationProtocolConfig.f30972d.ordinal()];
        if (i10 != 1 && i10 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.f30972d + " behavior");
        }
        int i11 = c.f31067b[applicationProtocolConfig.f30971c.ordinal()];
        if (i11 == 1 || i11 == 2) {
            return new l(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.f30971c + " behavior");
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.q
    public final m8.b a() {
        return this.f31054f;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.q
    public final boolean c() {
        return this.f31055g == 0;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.q
    public final SSLEngine f(a8.k kVar, String str, int i2) {
        return o(kVar, str, i2);
    }

    public SSLEngine o(a8.k kVar, String str, int i2) {
        return new o(this, kVar, str, i2, true);
    }

    public abstract c0 q();

    @Override // p8.r
    public final int refCnt() {
        return this.f31057i.refCnt();
    }

    @Override // p8.r
    public final boolean release() {
        return this.f31057i.release();
    }

    @Override // p8.r
    public final boolean release(int i2) {
        return this.f31057i.release(i2);
    }

    @Override // p8.r
    public final r retain() {
        this.f31057i.retain();
        return this;
    }

    @Override // p8.r
    public final r retain(int i2) {
        this.f31057i.retain(i2);
        return this;
    }

    @Override // p8.r
    public final r touch() {
        this.f31057i.touch();
        return this;
    }

    @Override // p8.r
    public final r touch(Object obj) {
        this.f31057i.touch(obj);
        return this;
    }
}
