package io.grpc.netty.shaded.io.netty.handler.ssl;

import io.grpc.netty.shaded.io.netty.handler.ssl.b;
import io.grpc.netty.shaded.io.netty.internal.tcnative.CertificateVerifier;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSL;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes3.dex */
public abstract class a1 extends d1 implements io.grpc.netty.shaded.io.netty.util.n {
    private static final Integer p0;
    protected long e0;
    private final List<String> f0;
    private final int g0;
    private final io.grpc.netty.shaded.io.netty.util.s<a1> h0;
    private final io.grpc.netty.shaded.io.netty.util.a i0;
    final boolean j0;
    final i0 k0;
    final ReadWriteLock l0;
    private static final io.grpc.netty.shaded.io.netty.util.v.e0.c m0 = io.grpc.netty.shaded.io.netty.util.v.e0.d.a((Class<?>) a1.class);
    private static final int n0 = Math.max(1, io.grpc.netty.shaded.io.netty.util.v.z.a("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));
    static final boolean o0 = io.grpc.netty.shaded.io.netty.util.v.z.a("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.useTasks", false);
    private static final io.grpc.netty.shaded.io.netty.util.p<a1> q0 = io.grpc.netty.shaded.io.netty.util.q.b().a(a1.class);
    static final b0 r0 = new b();

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes3.dex */
    class a extends io.grpc.netty.shaded.io.netty.util.a {
        a() {
        }

        @Override // io.grpc.netty.shaded.io.netty.util.n
        public io.grpc.netty.shaded.io.netty.util.n a(Object obj) {
            if (a1.this.h0 != null) {
                a1.this.h0.b(obj);
            }
            return a1.this;
        }

        @Override // io.grpc.netty.shaded.io.netty.util.a
        protected void a() {
            a1.this.k();
            if (a1.this.h0 != null) {
                a1.this.h0.a(a1.this);
            }
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes3.dex */
    static class b implements b0 {
        b() {
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.c
        public List<String> a() {
            return Collections.emptyList();
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.b0
        public b.c b() {
            return b.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.b0
        public b.a protocol() {
            return b.a.NONE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class c {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f9305a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f9306b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f9307c = new int[b.EnumC0357b.values().length];

        static {
            try {
                f9307c[b.EnumC0357b.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f9307c[b.EnumC0357b.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            f9306b = new int[b.c.values().length];
            try {
                f9306b[b.c.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f9306b[b.c.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            f9305a = new int[b.a.values().length];
            try {
                f9305a[b.a.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f9305a[b.a.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f9305a[b.a.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f9305a[b.a.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes3.dex */
    static abstract class d extends CertificateVerifier {
        /* JADX INFO: Access modifiers changed from: package-private */
        public d(i0 i0Var) {
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes3.dex */
    private static final class e implements i0 {

        /* renamed from: a, reason: collision with root package name */
        private final Map<Long, b1> f9308a;

        private e() {
            this.f9308a = io.grpc.netty.shaded.io.netty.util.v.q.y();
        }

        /* synthetic */ e(a aVar) {
            this();
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.i0
        public b1 a(long j) {
            return this.f9308a.remove(Long.valueOf(j));
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.i0
        public void a(b1 b1Var) {
            this.f9308a.put(Long.valueOf(b1Var.h()), b1Var);
        }
    }

    static {
        Integer num = null;
        try {
            String b2 = io.grpc.netty.shaded.io.netty.util.v.z.b("jdk.tls.ephemeralDHKeySize");
            if (b2 != null) {
                try {
                    num = Integer.valueOf(b2);
                } catch (NumberFormatException unused) {
                    m0.b("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b2);
                }
            }
        } catch (Throwable unused2) {
        }
        p0 = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public a1(Iterable<String> iterable, f fVar, b0 b0Var, long j, long j2, int i, Certificate[] certificateArr, g gVar, String[] strArr, boolean z, boolean z2, boolean z3) {
        super(z);
        this.i0 = new a();
        this.k0 = new e(0 == true ? 1 : 0);
        this.l0 = new ReentrantReadWriteLock();
        a0.c();
        if (z2 && !a0.g()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.h0 = z3 ? q0.a((io.grpc.netty.shaded.io.netty.util.p<a1>) this) : null;
        this.g0 = i;
        if (c()) {
            io.grpc.netty.shaded.io.netty.util.v.o.a(gVar, "clientAuth");
        } else {
            g gVar2 = g.NONE;
        }
        this.j0 = z2;
        if (certificateArr != null) {
        }
        io.grpc.netty.shaded.io.netty.util.v.o.a(fVar, "cipherFilter");
        this.f0 = Arrays.asList(fVar.a(iterable, a0.f9299c, a0.a()));
        io.grpc.netty.shaded.io.netty.util.v.o.a(b0Var, "apn");
        try {
            try {
                this.e0 = SSLContext.make(a0.h() ? 62 : 30, i);
                boolean h2 = a0.h();
                StringBuilder sb = new StringBuilder();
                StringBuilder sb2 = new StringBuilder();
                try {
                    try {
                        if (this.f0.isEmpty()) {
                            SSLContext.setCipherSuite(this.e0, "", false);
                            if (h2) {
                                SSLContext.setCipherSuite(this.e0, "", true);
                            }
                        } else {
                            io.grpc.netty.shaded.io.netty.handler.ssl.e.a(this.f0, sb, sb2, a0.f());
                            SSLContext.setCipherSuite(this.e0, sb.toString(), false);
                            if (h2) {
                                SSLContext.setCipherSuite(this.e0, sb2.toString(), true);
                            }
                        }
                        int options = SSLContext.getOptions(this.e0) | SSL.f9390b | SSL.f9391c | SSL.f9395g | SSL.f9389a | SSL.i | SSL.f9396h;
                        SSLContext.setOptions(this.e0, sb.length() == 0 ? options | SSL.f9390b | SSL.f9391c | SSL.f9392d | SSL.f9393e | SSL.f9394f : options);
                        SSLContext.setMode(this.e0, SSLContext.getMode(this.e0) | SSL.j);
                        if (p0 != null) {
                            SSLContext.setTmpDHLength(this.e0, p0.intValue());
                        }
                        List<String> a2 = b0Var.a();
                        if (!a2.isEmpty()) {
                            String[] strArr2 = (String[]) a2.toArray(new String[0]);
                            int a3 = a(b0Var.b());
                            int i2 = c.f9305a[b0Var.protocol().ordinal()];
                            if (i2 == 1) {
                                SSLContext.setNpnProtos(this.e0, strArr2, a3);
                            } else if (i2 == 2) {
                                SSLContext.setAlpnProtos(this.e0, strArr2, a3);
                            } else {
                                if (i2 != 3) {
                                    throw new Error();
                                }
                                SSLContext.setNpnProtos(this.e0, strArr2, a3);
                                SSLContext.setAlpnProtos(this.e0, strArr2, a3);
                            }
                        }
                        SSLContext.setSessionCacheSize(this.e0, j <= 0 ? SSLContext.setSessionCacheSize(this.e0, 20480L) : j);
                        SSLContext.setSessionCacheTimeout(this.e0, j2 <= 0 ? SSLContext.setSessionCacheTimeout(this.e0, 300L) : j2);
                        if (z2) {
                            SSLContext.enableOcsp(this.e0, a());
                        }
                        SSLContext.setUseTasks(this.e0, o0);
                    } catch (SSLException e2) {
                        throw e2;
                    }
                } catch (Exception e3) {
                    throw new SSLException("failed to set cipher suite: " + this.f0, e3);
                }
            } catch (Exception e4) {
                throw new SSLException("failed to create an SSL_CTX", e4);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public a1(Iterable<String> iterable, f fVar, io.grpc.netty.shaded.io.netty.handler.ssl.b bVar, long j, long j2, int i, Certificate[] certificateArr, g gVar, String[] strArr, boolean z, boolean z2, boolean z3) {
        this(iterable, fVar, a(bVar), j, j2, i, certificateArr, gVar, strArr, z, z2, z3);
    }

    private static int a(b.c cVar) {
        int i = c.f9306b[cVar.ordinal()];
        if (i == 1) {
            return 0;
        }
        if (i == 2) {
            return 1;
        }
        throw new Error();
    }

    private static long a(io.grpc.u1.a.a.b.b.i iVar) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int z = iVar.z();
            if (SSL.bioWrite(newMemBIO, a0.a(iVar) + iVar.A(), z) == z) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            iVar.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(io.grpc.u1.a.a.b.b.j jVar, v0 v0Var) {
        try {
            io.grpc.u1.a.a.b.b.i e2 = v0Var.e();
            if (e2.o()) {
                return a(e2.B());
            }
            io.grpc.u1.a.a.b.b.i b2 = jVar.b(e2.z());
            try {
                b2.a(e2, e2.A(), e2.z());
                long a2 = a(b2.B());
                try {
                    if (v0Var.d()) {
                        g1.a(b2);
                    }
                    return a2;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (v0Var.d()) {
                        g1.a(b2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            v0Var.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(io.grpc.u1.a.a.b.b.j jVar, PrivateKey privateKey) {
        if (privateKey == null) {
            return 0L;
        }
        v0 a2 = w0.a(jVar, true, privateKey);
        try {
            return a(jVar, a2.retain());
        } finally {
            a2.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(io.grpc.u1.a.a.b.b.j jVar, X509Certificate... x509CertificateArr) {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        v0 a2 = y0.a(jVar, true, x509CertificateArr);
        try {
            return a(jVar, a2.retain());
        } finally {
            a2.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static b0 a(io.grpc.netty.shaded.io.netty.handler.ssl.b bVar) {
        if (bVar == null) {
            return r0;
        }
        int i = c.f9305a[bVar.a().ordinal()];
        if (i != 1 && i != 2 && i != 3) {
            if (i == 4) {
                return r0;
            }
            throw new Error();
        }
        int i2 = c.f9307c[bVar.b().ordinal()];
        if (i2 != 1 && i2 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.b() + " behavior");
        }
        int i3 = c.f9306b[bVar.c().ordinal()];
        if (i3 == 1 || i3 == 2) {
            return new g0(bVar);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static l0 a(KeyManagerFactory keyManagerFactory, String str) {
        return keyManagerFactory instanceof t0 ? ((t0) keyManagerFactory).a() : keyManagerFactory instanceof d0 ? ((d0) keyManagerFactory).a(str) : new l0(a(keyManagerFactory.getKeyManagers()), str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return io.grpc.netty.shaded.io.netty.util.v.q.u() >= 7 ? u0.a((X509TrustManager) trustManager) : (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) {
        long j2;
        long j3;
        long j4 = 0;
        v0 v0Var = null;
        try {
            try {
                v0Var = y0.a(io.grpc.u1.a.a.b.b.j.f10330a, true, x509CertificateArr);
                j3 = a(io.grpc.u1.a.a.b.b.j.f10330a, v0Var.retain());
                try {
                    long a2 = a(io.grpc.u1.a.a.b.b.j.f10330a, v0Var.retain());
                    if (privateKey != null) {
                        try {
                            j4 = a(io.grpc.u1.a.a.b.b.j.f10330a, privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, j3, j4, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j, a2, true);
                        a(j4);
                        a(j3);
                        a(a2);
                        if (v0Var != null) {
                            v0Var.release();
                        }
                    } catch (SSLException e4) {
                        throw e4;
                    } catch (Exception e5) {
                        e = e5;
                        throw new SSLException("failed to set certificate and key", e);
                    } catch (Throwable th) {
                        th = th;
                        j2 = a2;
                        a(j4);
                        a(j3);
                        a(j2);
                        if (v0Var != null) {
                            v0Var.release();
                        }
                        throw th;
                    }
                } catch (SSLException e6) {
                    throw e6;
                } catch (Exception e7) {
                    e = e7;
                } catch (Throwable th2) {
                    th = th2;
                    j2 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e8) {
            throw e8;
        } catch (Exception e9) {
            e = e9;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return io.grpc.netty.shaded.io.netty.util.v.q.u() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void k() {
        Lock writeLock = this.l0.writeLock();
        writeLock.lock();
        try {
            if (this.e0 != 0) {
                if (this.j0) {
                    SSLContext.disableOcsp(this.e0);
                }
                SSLContext.free(this.e0);
                this.e0 = 0L;
                q0 i = i();
                if (i != null) {
                    i.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.util.n
    public final io.grpc.netty.shaded.io.netty.util.n a(Object obj) {
        this.i0.a(obj);
        return this;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.d1
    public final boolean a() {
        return this.g0 == 0;
    }

    @Override // io.grpc.netty.shaded.io.netty.util.n
    public final int b() {
        return this.i0.b();
    }

    public abstract q0 i();

    @Override // io.grpc.netty.shaded.io.netty.util.n
    public final boolean release() {
        return this.i0.release();
    }

    @Override // io.grpc.netty.shaded.io.netty.util.n
    public final io.grpc.netty.shaded.io.netty.util.n retain() {
        this.i0.retain();
        return this;
    }
}
