package io.grpc.netty.shaded.io.netty.handler.ssl;

import io.grpc.netty.shaded.io.netty.handler.ssl.y0;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.concurrent.locks.Lock;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* compiled from: ReferenceCountedOpenSslServerContext.java */
/* loaded from: classes4.dex */
public final class a1 extends y0 {
    private static final byte[] F;
    private static final boolean G;
    private final n0 E;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes4.dex */
    public static final class a extends y0.d {
        a(g0 g0Var, X509ExtendedTrustManager x509ExtendedTrustManager) {
            super(g0Var);
            r0.a(x509ExtendedTrustManager);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes4.dex */
    public static final class b implements io.grpc.netty.shaded.io.netty.internal.tcnative.a {
        b(g0 g0Var, j0 j0Var) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes4.dex */
    public static final class c implements io.grpc.netty.shaded.io.netty.internal.tcnative.d {
        c(g0 g0Var) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes4.dex */
    public static final class d extends y0.d {
        d(g0 g0Var, X509TrustManager x509TrustManager) {
            super(g0Var);
        }
    }

    static {
        io.grpc.netty.shaded.io.netty.util.internal.logging.c.a(a1.class.getName());
        F = new byte[]{110, 101, 116, 116, 121};
        G = io.grpc.netty.shaded.io.netty.util.internal.a0.c("jdk.tls.server.enableSessionTicketExtension", false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public a1(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, e eVar, ApplicationProtocolConfig applicationProtocolConfig, long j10, long j11, ClientAuth clientAuth, String[] strArr, boolean z10, boolean z11, String str2) {
        super(iterable, eVar, y0.C(applicationProtocolConfig), j10, j11, 1, (Certificate[]) x509CertificateArr2, clientAuth, strArr, z10, z11, true);
        try {
            n0 D = D(this, this.f17481l, this.f17491v, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, str2);
            this.E = D;
            if (G) {
                D.b(new q0[0]);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static n0 D(y0 y0Var, long j10, g0 g0Var, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, String str2) {
        k0 k0Var;
        try {
            try {
                SSLContext.setVerify(j10, 0, 10);
                if (y.m()) {
                    if (keyManagerFactory == null) {
                        char[] k10 = e1.k(str);
                        KeyStore e10 = e1.e(x509CertificateArr2, privateKey, k10, str2);
                        KeyManagerFactory t0Var = e10.aliases().hasMoreElements() ? new t0() : new b0(KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()), 1024);
                        t0Var.init(e10, k10);
                        keyManagerFactory = t0Var;
                    }
                    k0Var = y0.w(keyManagerFactory, str);
                    try {
                        try {
                            SSLContext.setCertificateCallback(j10, new b(g0Var, new j0(k0Var)));
                        } catch (Throwable th) {
                            th = th;
                            if (k0Var != null) {
                                k0Var.b();
                            }
                            throw th;
                        }
                    } catch (Exception e11) {
                        e = e11;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } else {
                    if (keyManagerFactory != null) {
                        throw new IllegalArgumentException("KeyManagerFactory not supported");
                    }
                    Objects.requireNonNull(x509CertificateArr2, "keyCertChain");
                    y0.y(j10, x509CertificateArr2, privateKey, str);
                    k0Var = null;
                }
                try {
                    try {
                        if (x509CertificateArr != null) {
                            trustManagerFactory = e1.f(x509CertificateArr, trustManagerFactory, str2);
                        } else if (trustManagerFactory == null) {
                            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                            trustManagerFactory.init((KeyStore) null);
                        }
                        X509TrustManager q10 = y0.q(trustManagerFactory.getTrustManagers());
                        E(j10, g0Var, q10);
                        X509Certificate[] acceptedIssuers = q10.getAcceptedIssuers();
                        if (acceptedIssuers != null && acceptedIssuers.length > 0) {
                            long j11 = 0;
                            try {
                                j11 = y0.B(na.k.f19785a, acceptedIssuers);
                                if (!SSLContext.setCACertificateBio(j10, j11)) {
                                    throw new SSLException("unable to setup accepted issuers for trustmanager " + q10);
                                }
                            } finally {
                                y0.s(j11);
                            }
                        }
                        if (io.grpc.netty.shaded.io.netty.util.internal.r.P() >= 8) {
                            SSLContext.setSniHostnameMatcher(j10, new c(g0Var));
                        }
                        n0 n0Var = new n0(y0Var, k0Var);
                        byte[] bArr = F;
                        Lock writeLock = y0Var.f17492w.writeLock();
                        writeLock.lock();
                        try {
                            SSLContext.setSessionIdContext(y0Var.f17481l, bArr);
                            return n0Var;
                        } finally {
                            writeLock.unlock();
                        }
                    } catch (SSLException e12) {
                        throw e12;
                    }
                } catch (Exception e13) {
                    throw new SSLException("unable to setup trustmanager", e13);
                }
            } catch (Exception e14) {
                e = e14;
            }
        } catch (Throwable th2) {
            th = th2;
            k0Var = null;
        }
    }

    private static void E(long j10, g0 g0Var, X509TrustManager x509TrustManager) {
        if (io.grpc.netty.shaded.io.netty.util.internal.r.P() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager)) {
            SSLContext.setCertVerifyCallback(j10, new a(g0Var, (X509ExtendedTrustManager) x509TrustManager));
        } else {
            SSLContext.setCertVerifyCallback(j10, new d(g0Var, x509TrustManager));
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.y0
    public p0 x() {
        return this.E;
    }
}
