package io.grpc.netty.shaded.io.netty.handler.ssl;

import io.grpc.netty.shaded.io.netty.handler.ssl.s1;
import io.grpc.netty.shaded.io.netty.internal.tcnative.CertificateCallback;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSL;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes6.dex */
public final class r1 extends s1 {
    public static final Set<String> A0 = Collections.unmodifiableSet(new LinkedHashSet(Arrays.asList("RSA", z0.f20930c, "EC", z0.f20933f, z0.f20932e)));

    /* renamed from: z0, reason: collision with root package name */
    public final g1 f20791z0;

    @io.grpc.netty.shaded.io.netty.util.internal.m0(reason = "Usage guarded by java version check")
    /* loaded from: classes6.dex */
    public static final class a extends s1.d {

        /* renamed from: q0, reason: collision with root package name */
        public final X509ExtendedTrustManager f20792q0;

        public a(x0 x0Var, X509ExtendedTrustManager x509ExtendedTrustManager) {
            super(x0Var);
            this.f20792q0 = x509ExtendedTrustManager;
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.s1.d
        public void d(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, X509Certificate[] x509CertificateArr, String str) throws Exception {
            this.f20792q0.checkServerTrusted(x509CertificateArr, str, referenceCountedOpenSslEngine);
        }
    }

    /* loaded from: classes6.dex */
    public static final class b implements CertificateCallback {

        /* renamed from: h, reason: collision with root package name */
        public final x0 f20793h;

        /* renamed from: i, reason: collision with root package name */
        public final z0 f20794i;

        public b(x0 x0Var, z0 z0Var) {
            this.f20793h = x0Var;
            this.f20794i = z0Var;
        }

        public static String b(byte b10) {
            if (b10 == 1) {
                return "RSA";
            }
            if (b10 == 3) {
                return z0.f20930c;
            }
            switch (b10) {
                case 64:
                    return "EC";
                case 65:
                    return z0.f20933f;
                case 66:
                    return z0.f20932e;
                default:
                    return null;
            }
        }

        public static Set<String> c(byte[] bArr) {
            if (bArr == null) {
                return r1.A0;
            }
            HashSet hashSet = new HashSet(bArr.length);
            for (byte b10 : bArr) {
                String b11 = b(b10);
                if (b11 != null) {
                    hashSet.add(b11);
                }
            }
            return hashSet;
        }

        @Override // io.grpc.netty.shaded.io.netty.internal.tcnative.CertificateCallback
        public void a(long j10, byte[] bArr, byte[][] bArr2) throws Exception {
            X500Principal[] x500PrincipalArr;
            ReferenceCountedOpenSslEngine M = this.f20793h.M(j10);
            if (M == null) {
                return;
            }
            try {
                String[] strArr = (String[]) c(bArr).toArray(io.grpc.netty.shaded.io.netty.util.internal.h.f21451f);
                if (bArr2 == null) {
                    x500PrincipalArr = null;
                } else {
                    x500PrincipalArr = new X500Principal[bArr2.length];
                    for (int i10 = 0; i10 < bArr2.length; i10++) {
                        x500PrincipalArr[i10] = new X500Principal(bArr2[i10]);
                    }
                }
                this.f20794i.d(M, strArr, x500PrincipalArr);
            } catch (Throwable th) {
                M.Q(th);
                if (!(th instanceof Exception)) {
                    throw new SSLException(th);
                }
                throw th;
            }
        }
    }

    /* loaded from: classes6.dex */
    public static final class c extends g1 {
        public c(s1 s1Var, a1 a1Var) {
            super(s1Var, a1Var, SSL.D, new s0(s1Var.f20819r));
        }
    }

    /* loaded from: classes6.dex */
    public static final class d extends s1.d {

        /* renamed from: q0, reason: collision with root package name */
        public final X509TrustManager f20795q0;

        public d(x0 x0Var, X509TrustManager x509TrustManager) {
            super(x0Var);
            this.f20795q0 = x509TrustManager;
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.s1.d
        public void d(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, X509Certificate[] x509CertificateArr, String str) throws Exception {
            this.f20795q0.checkServerTrusted(x509CertificateArr, str);
        }
    }

    public r1(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, m mVar, ApplicationProtocolConfig applicationProtocolConfig, String[] strArr, long j10, long j11, boolean z10, String str2, Map.Entry<c2<?>, Object>... entryArr) throws SSLException {
        super(iterable, mVar, s1.x1(applicationProtocolConfig), 0, x509CertificateArr2, ClientAuth.NONE, strArr, false, z10, true, entryArr);
        try {
            try {
                try {
                    this.f20791z0 = B1(this, this.f20808g, this.f20819r, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, str2, j10, j11);
                } catch (Throwable th) {
                    th = th;
                    release();
                    throw th;
                }
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (Throwable th3) {
            th = th3;
        }
    }

    public static g1 B1(s1 s1Var, long j10, x0 x0Var, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, String str2, long j11, long j12) throws SSLException {
        a1 f12;
        TrustManagerFactory trustManagerFactory2;
        if ((privateKey == null && x509CertificateArr2 != null) || (privateKey != null && x509CertificateArr2 == null)) {
            throw new IllegalArgumentException("Either both keyCertChain and key needs to be null or none of them");
        }
        a1 a1Var = null;
        try {
            try {
                if (l0.z()) {
                    if (keyManagerFactory != null || x509CertificateArr2 == null) {
                        f12 = keyManagerFactory != null ? s1.f1(keyManagerFactory, str) : null;
                    } else {
                        char[] y10 = a2.y(str);
                        KeyStore e10 = a2.e(x509CertificateArr2, privateKey, y10, str2);
                        KeyManagerFactory k1Var = e10.aliases().hasMoreElements() ? new k1() : new p0(KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()));
                        k1Var.init(e10, y10);
                        f12 = s1.f1(k1Var, str);
                    }
                    if (f12 != null) {
                        try {
                            try {
                                SSLContext.setCertificateCallback(j10, new b(x0Var, new z0(f12)));
                            } catch (Exception e11) {
                                e = e11;
                                throw new SSLException("failed to set certificate and key", e);
                            }
                        } catch (Throwable th) {
                            th = th;
                            a1Var = f12;
                            if (a1Var != null) {
                                a1Var.b();
                            }
                            throw th;
                        }
                    }
                } else {
                    if (keyManagerFactory != null) {
                        throw new IllegalArgumentException("KeyManagerFactory not supported");
                    }
                    if (x509CertificateArr2 != null) {
                        s1.l1(j10, x509CertificateArr2, privateKey, str);
                    }
                    f12 = null;
                }
                SSLContext.setVerify(j10, 1, 10);
                try {
                    if (x509CertificateArr != null) {
                        trustManagerFactory2 = a2.h(x509CertificateArr, trustManagerFactory, str2);
                    } else if (trustManagerFactory == null) {
                        trustManagerFactory2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory2.init((KeyStore) null);
                    } else {
                        trustManagerFactory2 = trustManagerFactory;
                    }
                    C1(j10, x0Var, s1.P0(trustManagerFactory2.getTrustManagers()));
                    c cVar = new c(s1Var, f12);
                    cVar.f(s1.Z);
                    if (j11 > 0) {
                        cVar.setSessionCacheSize((int) Math.min(j11, 2147483647L));
                    }
                    if (j12 > 0) {
                        cVar.setSessionTimeout((int) Math.min(j12, 2147483647L));
                    }
                    if (s1.L) {
                        cVar.i(new j1[0]);
                    }
                    return cVar;
                } catch (Exception e12) {
                    if (f12 != null) {
                        f12.b();
                    }
                    throw new SSLException("unable to setup trustmanager", e12);
                }
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (Exception e13) {
            e = e13;
        }
    }

    @io.grpc.netty.shaded.io.netty.util.internal.m0(reason = "Guarded by java version check")
    public static void C1(long j10, x0 x0Var, X509TrustManager x509TrustManager) {
        if (s1.y1(x509TrustManager)) {
            SSLContext.setCertVerifyCallback(j10, new a(x0Var, (X509ExtendedTrustManager) x509TrustManager));
        } else {
            SSLContext.setCertVerifyCallback(j10, new d(x0Var, x509TrustManager));
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.s1
    /* renamed from: h1 */
    public g1 t0() {
        return this.f20791z0;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.s1, io.grpc.netty.shaded.io.netty.handler.ssl.a2
    public SSLSessionContext t0() {
        return this.f20791z0;
    }
}
