package io.grpc.netty.shaded.io.netty.handler.ssl;

import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSL;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import io.grpc.netty.shaded.io.netty.util.ResourceLeakDetector;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes4.dex */
public abstract class y0 extends e1 implements io.grpc.netty.shaded.io.netty.util.r {
    private static final Integer B;

    /* renamed from: l, reason: collision with root package name */
    protected long f17481l;

    /* renamed from: m, reason: collision with root package name */
    private final List<String> f17482m;

    /* renamed from: n, reason: collision with root package name */
    private final z f17483n;

    /* renamed from: o, reason: collision with root package name */
    private final int f17484o;

    /* renamed from: p, reason: collision with root package name */
    private final io.grpc.netty.shaded.io.netty.util.u<y0> f17485p;

    /* renamed from: q, reason: collision with root package name */
    private final io.grpc.netty.shaded.io.netty.util.b f17486q;

    /* renamed from: r, reason: collision with root package name */
    final Certificate[] f17487r;

    /* renamed from: s, reason: collision with root package name */
    final ClientAuth f17488s;

    /* renamed from: t, reason: collision with root package name */
    final String[] f17489t;

    /* renamed from: u, reason: collision with root package name */
    final boolean f17490u;

    /* renamed from: v, reason: collision with root package name */
    final g0 f17491v;

    /* renamed from: w, reason: collision with root package name */
    final ReadWriteLock f17492w;

    /* renamed from: x, reason: collision with root package name */
    private volatile int f17493x;

    /* renamed from: y, reason: collision with root package name */
    private static final io.grpc.netty.shaded.io.netty.util.internal.logging.b f17479y = io.grpc.netty.shaded.io.netty.util.internal.logging.c.a(y0.class.getName());

    /* renamed from: z, reason: collision with root package name */
    private static final int f17480z = Math.max(1, io.grpc.netty.shaded.io.netty.util.internal.a0.d("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));
    static final boolean A = io.grpc.netty.shaded.io.netty.util.internal.a0.c("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.useTasks", false);
    private static final ResourceLeakDetector<y0> C = io.grpc.netty.shaded.io.netty.util.s.b().c(y0.class);
    static final z D = new b();

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    class a extends io.grpc.netty.shaded.io.netty.util.b {
        a() {
        }

        @Override // io.grpc.netty.shaded.io.netty.util.b
        protected void deallocate() {
            y0 y0Var = y0.this;
            Lock writeLock = y0Var.f17492w.writeLock();
            writeLock.lock();
            try {
                long j10 = y0Var.f17481l;
                if (j10 != 0) {
                    if (y0Var.f17490u) {
                        SSLContext.disableOcsp(j10);
                    }
                    SSLContext.free(y0Var.f17481l);
                    y0Var.f17481l = 0L;
                    p0 x10 = y0Var.x();
                    if (x10 != null) {
                        x10.a();
                    }
                }
                writeLock.unlock();
                if (y0.this.f17485p != null) {
                    y0.this.f17485p.close(y0.this);
                }
            } catch (Throwable th) {
                writeLock.unlock();
                throw th;
            }
        }

        @Override // io.grpc.netty.shaded.io.netty.util.r
        public io.grpc.netty.shaded.io.netty.util.r touch(Object obj) {
            if (y0.this.f17485p != null) {
                y0.this.f17485p.a(obj);
            }
            return y0.this;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    static class b implements z {
        b() {
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.z
        public ApplicationProtocolConfig.SelectorFailureBehavior a() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.b
        public List<String> b() {
            return Collections.emptyList();
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.z
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior d() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.z
        public ApplicationProtocolConfig.Protocol protocol() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class c {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f17495a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f17496b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f17497c;

        static {
            int[] iArr = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            f17497c = iArr;
            try {
                iArr[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f17497c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            f17496b = iArr2;
            try {
                iArr2[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f17496b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[ApplicationProtocolConfig.Protocol.values().length];
            f17495a = iArr3;
            try {
                iArr3[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f17495a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                f17495a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                f17495a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    static abstract class d extends io.grpc.netty.shaded.io.netty.internal.tcnative.b {
        /* JADX INFO: Access modifiers changed from: package-private */
        public d(g0 g0Var) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static final class e implements g0 {

        /* renamed from: a, reason: collision with root package name */
        private final Map<Long, z0> f17498a;

        e(a aVar) {
            boolean z10 = io.grpc.netty.shaded.io.netty.util.internal.r.f17701v;
            this.f17498a = new ConcurrentHashMap();
        }

        public void a(z0 z0Var) {
            this.f17498a.put(Long.valueOf(z0Var.W()), z0Var);
        }

        public z0 b(long j10) {
            return this.f17498a.remove(Long.valueOf(j10));
        }
    }

    static {
        Integer num = null;
        try {
            String b10 = io.grpc.netty.shaded.io.netty.util.internal.a0.b("jdk.tls.ephemeralDHKeySize", null);
            if (b10 != null) {
                try {
                    num = Integer.valueOf(b10);
                } catch (NumberFormatException unused) {
                    f17479y.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b10);
                }
            }
        } catch (Throwable unused2) {
        }
        B = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public y0(Iterable<String> iterable, io.grpc.netty.shaded.io.netty.handler.ssl.e eVar, ApplicationProtocolConfig applicationProtocolConfig, long j10, long j11, int i10, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z10, boolean z11, boolean z12) {
        this(iterable, eVar, C(applicationProtocolConfig), j10, j11, i10, certificateArr, clientAuth, strArr, z10, z11, z12);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public y0(Iterable<String> iterable, io.grpc.netty.shaded.io.netty.handler.ssl.e eVar, z zVar, long j10, long j11, int i10, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z10, boolean z11, boolean z12) {
        super(z10);
        ClientAuth clientAuth2;
        this.f17486q = new a();
        this.f17491v = new e(null);
        this.f17492w = new ReentrantReadWriteLock();
        this.f17493x = f17480z;
        y.c();
        if (z11 && !y.g()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i10 != 1 && i10 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f17485p = z12 ? C.h(this) : null;
        this.f17484o = i10;
        if (j()) {
            Objects.requireNonNull(clientAuth, "clientAuth");
            clientAuth2 = clientAuth;
        } else {
            clientAuth2 = ClientAuth.NONE;
        }
        this.f17488s = clientAuth2;
        this.f17489t = strArr;
        this.f17490u = z11;
        this.f17487r = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        Objects.requireNonNull(eVar, "cipherFilter");
        List<String> asList = Arrays.asList(eVar.a(iterable, y.f17469c, y.a()));
        this.f17482m = asList;
        Objects.requireNonNull(zVar, "apn");
        this.f17483n = zVar;
        try {
            boolean h10 = y.h();
            try {
                this.f17481l = SSLContext.make(h10 ? 62 : 30, i10);
                StringBuilder sb2 = new StringBuilder();
                StringBuilder sb3 = new StringBuilder();
                try {
                    try {
                        int i11 = 0;
                        if (asList.isEmpty()) {
                            SSLContext.setCipherSuite(this.f17481l, "", false);
                            if (h10) {
                                SSLContext.setCipherSuite(this.f17481l, "", true);
                            }
                        } else {
                            io.grpc.netty.shaded.io.netty.handler.ssl.d.a(asList, sb2, sb3, y.e());
                            SSLContext.setCipherSuite(this.f17481l, sb2.toString(), false);
                            if (h10) {
                                SSLContext.setCipherSuite(this.f17481l, sb3.toString(), true);
                            }
                        }
                        int options = SSLContext.getOptions(this.f17481l);
                        int i12 = SSL.f17537b;
                        int i13 = SSL.f17538c;
                        int i14 = options | i12 | i13 | SSL.f17536a | SSL.f17544i | SSL.f17543h;
                        SSLContext.setOptions(this.f17481l, sb2.length() == 0 ? i14 | i12 | i13 | SSL.f17539d | SSL.f17540e | SSL.f17541f : i14);
                        long j12 = this.f17481l;
                        SSLContext.setMode(j12, SSLContext.getMode(j12) | SSL.f17546k);
                        Integer num = B;
                        if (num != null) {
                            SSLContext.setTmpDHLength(this.f17481l, num.intValue());
                        }
                        List<String> b10 = zVar.b();
                        if (!b10.isEmpty()) {
                            String[] strArr2 = (String[]) b10.toArray(new String[0]);
                            int i15 = c.f17496b[zVar.a().ordinal()];
                            if (i15 != 1) {
                                if (i15 != 2) {
                                    throw new Error();
                                }
                                i11 = 1;
                            }
                            int i16 = c.f17495a[zVar.protocol().ordinal()];
                            if (i16 == 1) {
                                SSLContext.setNpnProtos(this.f17481l, strArr2, i11);
                            } else if (i16 == 2) {
                                SSLContext.setAlpnProtos(this.f17481l, strArr2, i11);
                            } else {
                                if (i16 != 3) {
                                    throw new Error();
                                }
                                SSLContext.setNpnProtos(this.f17481l, strArr2, i11);
                                SSLContext.setAlpnProtos(this.f17481l, strArr2, i11);
                            }
                        }
                        SSLContext.setSessionCacheSize(this.f17481l, j10 <= 0 ? SSLContext.setSessionCacheSize(this.f17481l, 20480L) : j10);
                        SSLContext.setSessionCacheTimeout(this.f17481l, j11 <= 0 ? SSLContext.setSessionCacheTimeout(this.f17481l, 300L) : j11);
                        if (z11) {
                            SSLContext.enableOcsp(this.f17481l, i());
                        }
                        SSLContext.setUseTasks(this.f17481l, A);
                    } catch (SSLException e10) {
                        throw e10;
                    }
                } catch (Exception e11) {
                    throw new SSLException("failed to set cipher suite: " + this.f17482m, e11);
                }
            } catch (Exception e12) {
                throw new SSLException("failed to create an SSL_CTX", e12);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long A(na.k kVar, PrivateKey privateKey) {
        if (privateKey == null) {
            return 0L;
        }
        v0 pem = PemPrivateKey.toPEM(kVar, true, privateKey);
        try {
            return z(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long B(na.k kVar, X509Certificate... x509CertificateArr) {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        v0 pem = PemX509Certificate.toPEM(kVar, true, x509CertificateArr);
        try {
            return z(kVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static z C(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return D;
        }
        int i10 = c.f17495a[applicationProtocolConfig.a().ordinal()];
        if (i10 != 1 && i10 != 2 && i10 != 3) {
            if (i10 == 4) {
                return D;
            }
            throw new Error();
        }
        int i11 = c.f17497c[applicationProtocolConfig.b().ordinal()];
        if (i11 != 1 && i11 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " behavior");
        }
        int i12 = c.f17496b[applicationProtocolConfig.c().ordinal()];
        if (i12 == 1 || i12 == 2) {
            return new e0(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager q(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return io.grpc.netty.shaded.io.netty.util.internal.r.P() >= 7 ? u0.a((X509TrustManager) trustManager) : (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager r(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void s(long j10) {
        if (j10 != 0) {
            SSL.freeBIO(j10);
        }
    }

    private static long u(na.j jVar) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int e12 = jVar.e1();
            if (SSL.bioWrite(newMemBIO, y.j(jVar) + jVar.f1(), e12) == e12) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static k0 w(KeyManagerFactory keyManagerFactory, String str) {
        return keyManagerFactory instanceof t0 ? ((t0) keyManagerFactory).a() : keyManagerFactory instanceof b0 ? ((b0) keyManagerFactory).a(str) : new k0(r(keyManagerFactory.getKeyManagers()), str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void y(long j10, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) {
        long j11;
        long j12;
        long j13 = 0;
        v0 v0Var = null;
        try {
            try {
                na.k kVar = na.k.f19785a;
                v0Var = PemX509Certificate.toPEM(kVar, true, x509CertificateArr);
                j12 = z(kVar, v0Var.retain());
                try {
                    long z10 = z(kVar, v0Var.retain());
                    if (privateKey != null) {
                        try {
                            j13 = A(kVar, privateKey);
                        } catch (SSLException e10) {
                            throw e10;
                        } catch (Exception e11) {
                            e = e11;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j10, j12, j13, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j10, z10, true);
                        s(j13);
                        s(j12);
                        s(z10);
                        v0Var.release();
                    } catch (SSLException e12) {
                        throw e12;
                    } catch (Exception e13) {
                        e = e13;
                        throw new SSLException("failed to set certificate and key", e);
                    } catch (Throwable th) {
                        th = th;
                        j11 = z10;
                        s(j13);
                        s(j12);
                        s(j11);
                        if (v0Var != null) {
                            v0Var.release();
                        }
                        throw th;
                    }
                } catch (SSLException e14) {
                    throw e14;
                } catch (Exception e15) {
                    e = e15;
                } catch (Throwable th2) {
                    th = th2;
                    j11 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e16) {
            throw e16;
        } catch (Exception e17) {
            e = e17;
        } catch (Throwable th4) {
            th = th4;
            j11 = 0;
            j12 = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long z(na.k kVar, v0 v0Var) {
        try {
            na.j content = v0Var.content();
            if (content.x0()) {
                return u(content.k1());
            }
            na.j h10 = kVar.h(content.e1());
            try {
                h10.O1(content, content.f1(), content.e1());
                long u10 = u(h10.k1());
                try {
                    if (v0Var.isSensitive()) {
                        m1.k(h10);
                    }
                    return u10;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (v0Var.isSensitive()) {
                        m1.k(h10);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            v0Var.release();
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.e1
    public io.grpc.netty.shaded.io.netty.handler.ssl.b a() {
        return this.f17483n;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.e1
    public final boolean i() {
        return this.f17484o == 0;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.e1
    public final SSLEngine m(na.k kVar, String str, int i10) {
        return v(kVar, str, i10, true);
    }

    @Override // io.grpc.netty.shaded.io.netty.util.r
    public final int refCnt() {
        return this.f17486q.refCnt();
    }

    @Override // io.grpc.netty.shaded.io.netty.util.r
    public final boolean release() {
        return this.f17486q.release();
    }

    @Override // io.grpc.netty.shaded.io.netty.util.r
    public final io.grpc.netty.shaded.io.netty.util.r retain() {
        this.f17486q.retain();
        return this;
    }

    public int t() {
        return this.f17493x;
    }

    @Override // io.grpc.netty.shaded.io.netty.util.r
    public final io.grpc.netty.shaded.io.netty.util.r touch(Object obj) {
        this.f17486q.touch(obj);
        return this;
    }

    SSLEngine v(na.k kVar, String str, int i10, boolean z10) {
        return new z0(this, kVar, str, i10, z10, true);
    }

    public abstract p0 x();
}
