package io.netty.handler.ssl;

import F9.C0630f;
import io.netty.handler.ssl.C2901a;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;
import u9.AbstractC3822j;
import u9.C3825m;
import u9.InterfaceC3823k;

/* compiled from: SslContext.java */
/* loaded from: classes2.dex */
public abstract class l0 {
    static final String ALIAS = "key";
    static final CertificateFactory X509_CERT_FACTORY;
    private final boolean startTls;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: SslContext.java */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class a {
        static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$SslProvider;

        static {
            int[] iArr = new int[q0.values().length];
            $SwitchMap$io$netty$handler$ssl$SslProvider = iArr;
            try {
                iArr[q0.JDK.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$SslProvider[q0.OPENSSL.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$SslProvider[q0.OPENSSL_REFCNT.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    static {
        try {
            X509_CERT_FACTORY = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e10) {
            throw new IllegalStateException("unable to instance X.509 CertificateFactory", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public l0() {
        this(false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public l0(boolean z10) {
        this.startTls = z10;
    }

    static KeyManagerFactory buildKeyManagerFactory(KeyStore keyStore, String str, char[] cArr, KeyManagerFactory keyManagerFactory) {
        if (keyManagerFactory == null) {
            keyManagerFactory = KeyManagerFactory.getInstance(str);
        }
        keyManagerFactory.init(keyStore, cArr);
        return keyManagerFactory;
    }

    static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] x509CertificateArr, String str, PrivateKey privateKey, String str2, KeyManagerFactory keyManagerFactory) {
        char[] keyStorePassword = keyStorePassword(str2);
        return buildKeyManagerFactory(buildKeyStore(x509CertificateArr, privateKey, keyStorePassword), str, keyStorePassword, keyManagerFactory);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory) {
        return buildKeyManagerFactory(x509CertificateArr, KeyManagerFactory.getDefaultAlgorithm(), privateKey, str, keyManagerFactory);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore buildKeyStore(X509Certificate[] x509CertificateArr, PrivateKey privateKey, char[] cArr) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setKeyEntry(ALIAS, privateKey, cArr, x509CertificateArr);
        return keyStore;
    }

    @Deprecated
    protected static TrustManagerFactory buildTrustManagerFactory(File file, TrustManagerFactory trustManagerFactory) {
        return buildTrustManagerFactory(toX509Certificates(file), trustManagerFactory);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TrustManagerFactory buildTrustManagerFactory(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        int i10 = 1;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            keyStore.setCertificateEntry(Integer.toString(i10), x509Certificate);
            i10++;
        }
        if (trustManagerFactory == null) {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        }
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    public static q0 defaultClientProvider() {
        return defaultProvider();
    }

    private static q0 defaultProvider() {
        return B.isAvailable() ? q0.OPENSSL : q0.JDK;
    }

    public static q0 defaultServerProvider() {
        return defaultProvider();
    }

    protected static PKCS8EncodedKeySpec generateKeySpec(char[] cArr, byte[] bArr) {
        if (cArr == null) {
            return new PKCS8EncodedKeySpec(bArr);
        }
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
        SecretKey generateSecret = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(cArr));
        Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
        cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
        return encryptedPrivateKeyInfo.getKeySpec(cipher);
    }

    private static X509Certificate[] getCertificatesFromBuffers(AbstractC3822j[] abstractC3822jArr) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate[] x509CertificateArr = new X509Certificate[abstractC3822jArr.length];
        int i10 = 0;
        for (int i11 = 0; i11 < abstractC3822jArr.length; i11++) {
            try {
                C3825m c3825m = new C3825m(abstractC3822jArr[i11], false);
                try {
                    x509CertificateArr[i11] = (X509Certificate) certificateFactory.generateCertificate(c3825m);
                    try {
                        c3825m.close();
                    } catch (IOException e10) {
                        throw new RuntimeException(e10);
                    }
                } catch (Throwable th) {
                    try {
                        c3825m.close();
                        throw th;
                    } catch (IOException e11) {
                        throw new RuntimeException(e11);
                    }
                }
            } finally {
                int length = abstractC3822jArr.length;
                while (i10 < length) {
                    abstractC3822jArr[i10].release();
                    i10++;
                }
            }
        }
        return x509CertificateArr;
    }

    private static PrivateKey getPrivateKeyFromByteBuffer(AbstractC3822j abstractC3822j, String str) {
        byte[] bArr = new byte[abstractC3822j.readableBytes()];
        abstractC3822j.readBytes(bArr).release();
        PKCS8EncodedKeySpec generateKeySpec = generateKeySpec(str == null ? null : str.toCharArray(), bArr);
        try {
            try {
                try {
                    return KeyFactory.getInstance("RSA").generatePrivate(generateKeySpec);
                } catch (InvalidKeySpecException unused) {
                    return KeyFactory.getInstance("DSA").generatePrivate(generateKeySpec);
                }
            } catch (InvalidKeySpecException e10) {
                throw new InvalidKeySpecException("Neither RSA, DSA nor EC worked", e10);
            }
        } catch (InvalidKeySpecException unused2) {
            return KeyFactory.getInstance("EC").generatePrivate(generateKeySpec);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static char[] keyStorePassword(String str) {
        return str == null ? C0630f.EMPTY_CHARS : str.toCharArray();
    }

    @Deprecated
    public static l0 newClientContext() {
        return newClientContext(null, null, null);
    }

    @Deprecated
    public static l0 newClientContext(q0 q0Var) {
        return newClientContext(q0Var, null, null);
    }

    @Deprecated
    public static l0 newClientContext(q0 q0Var, File file) {
        return newClientContext(q0Var, file, null);
    }

    @Deprecated
    public static l0 newClientContext(q0 q0Var, File file, TrustManagerFactory trustManagerFactory) {
        return newClientContext(q0Var, file, trustManagerFactory, null, C2912l.INSTANCE, null, 0L, 0L);
    }

    @Deprecated
    public static l0 newClientContext(q0 q0Var, File file, TrustManagerFactory trustManagerFactory, File file2, File file3, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, InterfaceC2905e interfaceC2905e, C2901a c2901a, long j10, long j11) {
        try {
            return newClientContextInternal(q0Var, null, toX509Certificates(file), trustManagerFactory, toX509Certificates(file2), toPrivateKey(file3, str), str, keyManagerFactory, iterable, interfaceC2905e, c2901a, null, j10, j11, false);
        } catch (Exception e10) {
            if (e10 instanceof SSLException) {
                throw ((SSLException) e10);
            }
            throw new SSLException("failed to initialize the client-side SSL context", e10);
        }
    }

    @Deprecated
    public static l0 newClientContext(q0 q0Var, File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, InterfaceC2905e interfaceC2905e, C2901a c2901a, long j10, long j11) {
        return newClientContext(q0Var, file, trustManagerFactory, null, null, null, null, iterable, interfaceC2905e, c2901a, j10, j11);
    }

    @Deprecated
    public static l0 newClientContext(q0 q0Var, File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, Iterable<String> iterable2, long j10, long j11) {
        return newClientContext(q0Var, file, trustManagerFactory, null, null, null, null, iterable, C2912l.INSTANCE, toApplicationProtocolConfig(iterable2), j10, j11);
    }

    @Deprecated
    public static l0 newClientContext(q0 q0Var, TrustManagerFactory trustManagerFactory) {
        return newClientContext(q0Var, null, trustManagerFactory);
    }

    @Deprecated
    public static l0 newClientContext(File file) {
        return newClientContext((q0) null, file);
    }

    @Deprecated
    public static l0 newClientContext(File file, TrustManagerFactory trustManagerFactory) {
        return newClientContext(null, file, trustManagerFactory);
    }

    @Deprecated
    public static l0 newClientContext(File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, InterfaceC2905e interfaceC2905e, C2901a c2901a, long j10, long j11) {
        return newClientContext(null, file, trustManagerFactory, iterable, interfaceC2905e, c2901a, j10, j11);
    }

    @Deprecated
    public static l0 newClientContext(File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, Iterable<String> iterable2, long j10, long j11) {
        return newClientContext((q0) null, file, trustManagerFactory, iterable, iterable2, j10, j11);
    }

    @Deprecated
    public static l0 newClientContext(TrustManagerFactory trustManagerFactory) {
        return newClientContext(null, null, trustManagerFactory);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static l0 newClientContextInternal(q0 q0Var, Provider provider, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, InterfaceC2905e interfaceC2905e, C2901a c2901a, String[] strArr, long j10, long j11, boolean z10) {
        q0 defaultClientProvider = q0Var == null ? defaultClientProvider() : q0Var;
        int i10 = a.$SwitchMap$io$netty$handler$ssl$SslProvider[defaultClientProvider.ordinal()];
        if (i10 == 1) {
            if (!z10) {
                return new C2921v(provider, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2905e, c2901a, strArr, j10, j11);
            }
            throw new IllegalArgumentException("OCSP is not supported with this SslProvider: " + defaultClientProvider);
        }
        if (i10 == 2) {
            verifyNullSslContextProvider(defaultClientProvider, provider);
            return new F(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2905e, c2901a, strArr, j10, j11, z10);
        }
        if (i10 != 3) {
            throw new Error(defaultClientProvider.toString());
        }
        verifyNullSslContextProvider(defaultClientProvider, provider);
        return new e0(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2905e, c2901a, strArr, j10, j11, z10);
    }

    @Deprecated
    public static l0 newServerContext(q0 q0Var, File file, File file2) {
        return newServerContext(q0Var, file, file2, null);
    }

    @Deprecated
    public static l0 newServerContext(q0 q0Var, File file, File file2, String str) {
        return newServerContext(q0Var, file, file2, str, (Iterable<String>) null, C2912l.INSTANCE, (C2901a) null, 0L, 0L);
    }

    @Deprecated
    public static l0 newServerContext(q0 q0Var, File file, File file2, String str, Iterable<String> iterable, InterfaceC2905e interfaceC2905e, C2901a c2901a, long j10, long j11) {
        return newServerContext(q0Var, null, null, file, file2, str, null, iterable, interfaceC2905e, c2901a, j10, j11);
    }

    @Deprecated
    public static l0 newServerContext(q0 q0Var, File file, File file2, String str, Iterable<String> iterable, Iterable<String> iterable2, long j10, long j11) {
        return newServerContext(q0Var, file, file2, str, iterable, C2912l.INSTANCE, toApplicationProtocolConfig(iterable2), j10, j11);
    }

    @Deprecated
    public static l0 newServerContext(q0 q0Var, File file, File file2, String str, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, Iterable<String> iterable2, long j10, long j11) {
        return newServerContext(q0Var, null, trustManagerFactory, file, file2, str, null, iterable, C2912l.INSTANCE, toApplicationProtocolConfig(iterable2), j10, j11);
    }

    @Deprecated
    public static l0 newServerContext(q0 q0Var, File file, TrustManagerFactory trustManagerFactory, File file2, File file3, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, InterfaceC2905e interfaceC2905e, C2901a c2901a, long j10, long j11) {
        try {
            return newServerContextInternal(q0Var, null, toX509Certificates(file), trustManagerFactory, toX509Certificates(file2), toPrivateKey(file3, str), str, keyManagerFactory, iterable, interfaceC2905e, c2901a, j10, j11, EnumC2906f.NONE, null, false, false);
        } catch (Exception e10) {
            if (e10 instanceof SSLException) {
                throw ((SSLException) e10);
            }
            throw new SSLException("failed to initialize the server-side SSL context", e10);
        }
    }

    @Deprecated
    public static l0 newServerContext(File file, File file2) {
        return newServerContext(file, file2, (String) null);
    }

    @Deprecated
    public static l0 newServerContext(File file, File file2, String str) {
        return newServerContext(null, file, file2, str);
    }

    @Deprecated
    public static l0 newServerContext(File file, File file2, String str, Iterable<String> iterable, InterfaceC2905e interfaceC2905e, C2901a c2901a, long j10, long j11) {
        return newServerContext((q0) null, file, file2, str, iterable, interfaceC2905e, c2901a, j10, j11);
    }

    @Deprecated
    public static l0 newServerContext(File file, File file2, String str, Iterable<String> iterable, Iterable<String> iterable2, long j10, long j11) {
        return newServerContext((q0) null, file, file2, str, iterable, iterable2, j10, j11);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static l0 newServerContextInternal(q0 q0Var, Provider provider, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, InterfaceC2905e interfaceC2905e, C2901a c2901a, long j10, long j11, EnumC2906f enumC2906f, String[] strArr, boolean z10, boolean z11) {
        q0 defaultServerProvider = q0Var == null ? defaultServerProvider() : q0Var;
        int i10 = a.$SwitchMap$io$netty$handler$ssl$SslProvider[defaultServerProvider.ordinal()];
        if (i10 == 1) {
            if (!z11) {
                return new C2924y(provider, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2905e, c2901a, j10, j11, enumC2906f, strArr, z10);
            }
            throw new IllegalArgumentException("OCSP is not supported with this SslProvider: " + defaultServerProvider);
        }
        if (i10 == 2) {
            verifyNullSslContextProvider(defaultServerProvider, provider);
            return new P(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2905e, c2901a, j10, j11, enumC2906f, strArr, z10, z11);
        }
        if (i10 != 3) {
            throw new Error(defaultServerProvider.toString());
        }
        verifyNullSslContextProvider(defaultServerProvider, provider);
        return new h0(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2905e, c2901a, j10, j11, enumC2906f, strArr, z10, z11);
    }

    static C2901a toApplicationProtocolConfig(Iterable<String> iterable) {
        return iterable == null ? C2901a.DISABLED : new C2901a(C2901a.EnumC0461a.NPN_AND_ALPN, C2901a.c.CHOOSE_MY_LAST_PROTOCOL, C2901a.b.ACCEPT, iterable);
    }

    static PrivateKey toPrivateKey(File file, String str) {
        if (file == null) {
            return null;
        }
        return getPrivateKeyFromByteBuffer(b0.readPrivateKey(file), str);
    }

    static PrivateKey toPrivateKey(InputStream inputStream, String str) {
        if (inputStream == null) {
            return null;
        }
        return getPrivateKeyFromByteBuffer(b0.readPrivateKey(inputStream), str);
    }

    static PrivateKey toPrivateKeyInternal(File file, String str) {
        try {
            return toPrivateKey(file, str);
        } catch (Exception e10) {
            throw new SSLException(e10);
        }
    }

    static X509Certificate[] toX509Certificates(File file) {
        if (file == null) {
            return null;
        }
        return getCertificatesFromBuffers(b0.readCertificates(file));
    }

    static X509Certificate[] toX509Certificates(InputStream inputStream) {
        if (inputStream == null) {
            return null;
        }
        return getCertificatesFromBuffers(b0.readCertificates(inputStream));
    }

    static X509Certificate[] toX509CertificatesInternal(File file) {
        try {
            return toX509Certificates(file);
        } catch (CertificateException e10) {
            throw new SSLException(e10);
        }
    }

    private static void verifyNullSslContextProvider(q0 q0Var, Provider provider) {
        if (provider == null) {
            return;
        }
        throw new IllegalArgumentException("Java Security Provider unsupported for SslProvider: " + q0Var);
    }

    public abstract InterfaceC2902b applicationProtocolNegotiator();

    public abstract List<String> cipherSuites();

    public abstract boolean isClient();

    public final boolean isServer() {
        return !isClient();
    }

    public abstract SSLEngine newEngine(InterfaceC3823k interfaceC3823k);

    public abstract SSLEngine newEngine(InterfaceC3823k interfaceC3823k, String str, int i10);

    public final o0 newHandler(InterfaceC3823k interfaceC3823k) {
        return newHandler(interfaceC3823k, this.startTls);
    }

    public final o0 newHandler(InterfaceC3823k interfaceC3823k, String str, int i10) {
        return newHandler(interfaceC3823k, str, i10, this.startTls);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public o0 newHandler(InterfaceC3823k interfaceC3823k, String str, int i10, boolean z10) {
        return new o0(newEngine(interfaceC3823k, str, i10), z10);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public o0 newHandler(InterfaceC3823k interfaceC3823k, boolean z10) {
        return new o0(newEngine(interfaceC3823k), z10);
    }

    @Deprecated
    public final List<String> nextProtocols() {
        return applicationProtocolNegotiator().protocols();
    }

    public abstract long sessionCacheSize();

    public abstract SSLSessionContext sessionContext();

    public abstract long sessionTimeout();
}
