package io.netty.handler.ssl;

import io.netty.buffer.AbstractByteBufAllocator;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.base64.Base64;
import io.netty.handler.codec.base64.Base64Dialect;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.OpenSslX509KeyManagerFactory;
import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.internal.tcnative.SSLPrivateKeyMethod;
import io.netty.util.AbstractReferenceCounted;
import io.netty.util.ReferenceCounted;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.ResourceLeakDetectorFactory;
import io.netty.util.ResourceLeakTracker;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes6.dex */
public abstract class ReferenceCountedOpenSslContext extends SslContext implements ReferenceCounted {

    /* renamed from: M, reason: collision with root package name */
    public static final InternalLogger f22512M = InternalLoggerFactory.b(ReferenceCountedOpenSslContext.class.getName());

    /* renamed from: N, reason: collision with root package name */
    public static final int f22513N = ((Integer) AccessController.doPrivileged(new PrivilegedAction<Integer>() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslContext.1
        @Override // java.security.PrivilegedAction
        public final Integer run() {
            return Integer.valueOf(Math.max(1, SystemPropertyUtil.d("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048)));
        }
    })).intValue();

    /* renamed from: O, reason: collision with root package name */
    public static final boolean f22514O = SystemPropertyUtil.c("io.netty.handler.ssl.openssl.useTasks", false);

    /* renamed from: P, reason: collision with root package name */
    public static final Integer f22515P;

    /* renamed from: Q, reason: collision with root package name */
    public static final OpenSslApplicationProtocolNegotiator f22516Q;
    public final AbstractReferenceCounted H;
    public final Certificate[] I;
    public final DefaultOpenSslEngineMap J;
    public final ReentrantReadWriteLock K;

    /* renamed from: L, reason: collision with root package name */
    public volatile int f22517L;

    /* renamed from: b, reason: collision with root package name */
    public long f22518b;
    public final List<String> s;

    /* renamed from: x, reason: collision with root package name */
    public final OpenSslApplicationProtocolNegotiator f22519x;

    /* renamed from: y, reason: collision with root package name */
    public final ResourceLeakTracker<ReferenceCountedOpenSslContext> f22520y;

    /* renamed from: io.netty.handler.ssl.ReferenceCountedOpenSslContext$2, reason: invalid class name */
    /* loaded from: classes6.dex */
    public class AnonymousClass2 extends AbstractReferenceCounted {
        public AnonymousClass2() {
        }

        @Override // io.netty.util.AbstractReferenceCounted
        public final void J() {
            InternalLogger internalLogger = ReferenceCountedOpenSslContext.f22512M;
            ReferenceCountedOpenSslContext referenceCountedOpenSslContext = ReferenceCountedOpenSslContext.this;
            referenceCountedOpenSslContext.m();
            ResourceLeakTracker<ReferenceCountedOpenSslContext> resourceLeakTracker = referenceCountedOpenSslContext.f22520y;
            if (resourceLeakTracker != null) {
                resourceLeakTracker.c(referenceCountedOpenSslContext);
            }
        }

        @Override // io.netty.util.ReferenceCounted
        public final ReferenceCounted t(Object obj) {
            ReferenceCountedOpenSslContext referenceCountedOpenSslContext = ReferenceCountedOpenSslContext.this;
            ResourceLeakTracker<ReferenceCountedOpenSslContext> resourceLeakTracker = referenceCountedOpenSslContext.f22520y;
            if (resourceLeakTracker != null) {
                resourceLeakTracker.a(obj);
            }
            return referenceCountedOpenSslContext;
        }
    }

    /* renamed from: io.netty.handler.ssl.ReferenceCountedOpenSslContext$5, reason: invalid class name */
    /* loaded from: classes6.dex */
    public static /* synthetic */ class AnonymousClass5 {
        public static final /* synthetic */ int[] a;

        /* renamed from: b, reason: collision with root package name */
        public static final /* synthetic */ int[] f22522b;
        public static final /* synthetic */ int[] c;

        static {
            int[] iArr = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            c = iArr;
            try {
                iArr[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            f22522b = iArr2;
            try {
                iArr2[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f22522b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[ApplicationProtocolConfig.Protocol.values().length];
            a = iArr3;
            try {
                iArr3[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes6.dex */
    public static abstract class AbstractCertificateVerifier extends CertificateVerifier {
        public AbstractCertificateVerifier(DefaultOpenSslEngineMap defaultOpenSslEngineMap) {
        }
    }

    /* loaded from: classes6.dex */
    public static final class DefaultOpenSslEngineMap implements OpenSslEngineMap {
        public final ConcurrentHashMap a;

        public DefaultOpenSslEngineMap() {
            InternalLogger internalLogger = PlatformDependent.a;
            this.a = new ConcurrentHashMap();
        }

        public /* synthetic */ DefaultOpenSslEngineMap(int i) {
            this();
        }

        public final void a(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            long j3;
            ConcurrentHashMap concurrentHashMap = this.a;
            synchronized (referenceCountedOpenSslEngine) {
                j3 = referenceCountedOpenSslEngine.a;
            }
            concurrentHashMap.put(Long.valueOf(j3), referenceCountedOpenSslEngine);
        }

        public final ReferenceCountedOpenSslEngine b(long j3) {
            return (ReferenceCountedOpenSslEngine) this.a.remove(Long.valueOf(j3));
        }
    }

    /* loaded from: classes6.dex */
    public static final class PrivateKeyMethod implements SSLPrivateKeyMethod {
    }

    static {
        ResourceLeakDetectorFactory resourceLeakDetectorFactory = ResourceLeakDetectorFactory.f22707b;
        resourceLeakDetectorFactory.getClass();
        resourceLeakDetectorFactory.d(ReferenceCountedOpenSslContext.class, ResourceLeakDetector.h);
        f22516Q = new OpenSslApplicationProtocolNegotiator() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslContext.3
            @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
            public final ApplicationProtocolConfig.SelectorFailureBehavior a() {
                return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
            }

            @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
            public final ApplicationProtocolConfig.Protocol b() {
                return ApplicationProtocolConfig.Protocol.NONE;
            }

            @Override // io.netty.handler.ssl.ApplicationProtocolNegotiator
            public final List<String> c() {
                return Collections.emptyList();
            }

            @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
            public final ApplicationProtocolConfig.SelectedListenerFailureBehavior e() {
                return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
            }
        };
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslContext.4
                @Override // java.security.PrivilegedAction
                public final String run() {
                    return SystemPropertyUtil.b("jdk.tls.ephemeralDHKeySize", null);
                }
            });
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    f22512M.y("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: ".concat(str));
                }
            }
        } catch (Throwable unused2) {
        }
        f22515P = num;
    }

    public ReferenceCountedOpenSslContext() {
        throw null;
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    /* JADX WARN: Removed duplicated region for block: B:23:0x00cf A[Catch: all -> 0x008d, TryCatch #3 {all -> 0x008d, blocks: (B:8:0x005a, B:11:0x0065, B:12:0x006b, B:14:0x0079, B:16:0x0080, B:18:0x0087, B:19:0x0089, B:21:0x00b1, B:23:0x00cf, B:24:0x00de, B:26:0x00f3, B:27:0x00fc, B:29:0x0106, B:33:0x0121, B:34:0x0126, B:36:0x0127, B:41:0x013a, B:42:0x0141, B:43:0x0145, B:44:0x014a, B:45:0x014b, B:46:0x014e, B:47:0x0153, B:49:0x0096, B:51:0x00aa, B:57:0x0175, B:58:0x0188, B:54:0x0189, B:62:0x018b, B:63:0x0192), top: B:7:0x005a, inners: #1, #4 }] */
    /* JADX WARN: Removed duplicated region for block: B:26:0x00f3 A[Catch: all -> 0x008d, TryCatch #3 {all -> 0x008d, blocks: (B:8:0x005a, B:11:0x0065, B:12:0x006b, B:14:0x0079, B:16:0x0080, B:18:0x0087, B:19:0x0089, B:21:0x00b1, B:23:0x00cf, B:24:0x00de, B:26:0x00f3, B:27:0x00fc, B:29:0x0106, B:33:0x0121, B:34:0x0126, B:36:0x0127, B:41:0x013a, B:42:0x0141, B:43:0x0145, B:44:0x014a, B:45:0x014b, B:46:0x014e, B:47:0x0153, B:49:0x0096, B:51:0x00aa, B:57:0x0175, B:58:0x0188, B:54:0x0189, B:62:0x018b, B:63:0x0192), top: B:7:0x005a, inners: #1, #4 }] */
    /* JADX WARN: Removed duplicated region for block: B:29:0x0106 A[Catch: all -> 0x008d, TryCatch #3 {all -> 0x008d, blocks: (B:8:0x005a, B:11:0x0065, B:12:0x006b, B:14:0x0079, B:16:0x0080, B:18:0x0087, B:19:0x0089, B:21:0x00b1, B:23:0x00cf, B:24:0x00de, B:26:0x00f3, B:27:0x00fc, B:29:0x0106, B:33:0x0121, B:34:0x0126, B:36:0x0127, B:41:0x013a, B:42:0x0141, B:43:0x0145, B:44:0x014a, B:45:0x014b, B:46:0x014e, B:47:0x0153, B:49:0x0096, B:51:0x00aa, B:57:0x0175, B:58:0x0188, B:54:0x0189, B:62:0x018b, B:63:0x0192), top: B:7:0x005a, inners: #1, #4 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public ReferenceCountedOpenSslContext(io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator r10, java.security.cert.Certificate[] r11, io.netty.handler.ssl.ClientAuth r12) {
        /*
            Method dump skipped, instructions count: 407
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.ReferenceCountedOpenSslContext.<init>(io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator, java.security.cert.Certificate[], io.netty.handler.ssl.ClientAuth):void");
    }

    public static long A(AbstractByteBufAllocator abstractByteBufAllocator, PemEncoded pemEncoded) {
        try {
            ByteBuf e2 = pemEncoded.e();
            if (e2.V1()) {
                return r(e2.N2());
            }
            ByteBuf o = abstractByteBufAllocator.o(e2.H2(), Integer.MAX_VALUE);
            try {
                o.v3(e2, e2.I2(), e2.H2());
                long r2 = r(o.N2());
                try {
                    if (pemEncoded.l0()) {
                        SslUtils.i(o);
                    }
                    return r2;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (pemEncoded.l0()) {
                        SslUtils.i(o);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            pemEncoded.release();
        }
    }

    public static long C(AbstractByteBufAllocator abstractByteBufAllocator, PrivateKey privateKey) {
        PemEncoded pemEncoded;
        if (privateKey == null) {
            return 0L;
        }
        byte[] bArr = PemPrivateKey.H;
        if (privateKey instanceof PemEncoded) {
            pemEncoded = ((PemEncoded) privateKey).a();
        } else {
            byte[] encoded = privateKey.getEncoded();
            if (encoded == null) {
                throw new IllegalArgumentException(privateKey.getClass().getName().concat(" does not support encoding"));
            }
            ByteBuf f = Unpooled.f(encoded);
            try {
                Set<String> set = SslUtils.a;
                ByteBuf a = Base64.a(f, f.I2(), f.H2(), true, Base64Dialect.STANDARD, abstractByteBufAllocator);
                f.J2(f.K3());
                try {
                    byte[] bArr2 = PemPrivateKey.H;
                    int length = bArr2.length + a.H2();
                    byte[] bArr3 = PemPrivateKey.I;
                    ByteBuf o = abstractByteBufAllocator.o(length + bArr3.length, Integer.MAX_VALUE);
                    try {
                        o.x3(bArr2);
                        o.u3(a);
                        o.x3(bArr3);
                        PemValue pemValue = new PemValue(o, true);
                        SslUtils.i(f);
                        f.release();
                        pemEncoded = pemValue;
                    } finally {
                    }
                } finally {
                    SslUtils.i(a);
                    a.release();
                }
            } catch (Throwable th) {
                SslUtils.i(f);
                f.release();
                throw th;
            }
        }
        try {
            return A(abstractByteBufAllocator, pemEncoded.a());
        } finally {
            pemEncoded.release();
        }
    }

    public static long D(AbstractByteBufAllocator abstractByteBufAllocator, X509Certificate... x509CertificateArr) {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        PemEncoded d = PemX509Certificate.d(abstractByteBufAllocator, x509CertificateArr);
        try {
            return A(abstractByteBufAllocator, d.a());
        } finally {
            d.release();
        }
    }

    public static boolean E(X509TrustManager x509TrustManager) {
        return PlatformDependent.H() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    public static X509TrustManager l(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                if (PlatformDependent.H() < 7) {
                    return (X509TrustManager) trustManager;
                }
                return OpenSslX509TrustManagerWrapper.f22506b.a((X509TrustManager) trustManager);
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static void n(long j3) {
        if (j3 != 0) {
            SSL.freeBIO(j3);
        }
    }

    public static long r(ByteBuf byteBuf) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int H22 = byteBuf.H2();
            if (SSL.bioWrite(newMemBIO, OpenSsl.i(byteBuf) + byteBuf.I2(), H22) == H22) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            byteBuf.release();
        }
    }

    public static OpenSslKeyMaterialProvider u(KeyManagerFactory keyManagerFactory) {
        if (keyManagerFactory instanceof OpenSslX509KeyManagerFactory) {
            OpenSslX509KeyManagerFactory.OpenSslKeyManagerFactorySpi.ProviderFactory providerFactory = ((OpenSslX509KeyManagerFactory) keyManagerFactory).a.f22504b;
            if (providerFactory != null) {
                return new OpenSslX509KeyManagerFactory.OpenSslKeyManagerFactorySpi.ProviderFactory.OpenSslPopulatedKeyMaterialProvider(providerFactory.a, providerFactory.f22505b, providerFactory.c);
            }
            throw new IllegalStateException("engineInit(...) not called yet");
        }
        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
            if (keyManager instanceof X509KeyManager) {
                X509KeyManager x509KeyManager = (X509KeyManager) keyManager;
                return keyManagerFactory instanceof OpenSslCachingX509KeyManagerFactory ? new OpenSslCachingKeyMaterialProvider(x509KeyManager) : new OpenSslKeyMaterialProvider(x509KeyManager, null);
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static void y(long j3, X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
        long j5;
        long j6;
        long j7 = 0;
        PemEncoded pemEncoded = null;
        try {
            try {
                AbstractByteBufAllocator abstractByteBufAllocator = ByteBufAllocator.a;
                pemEncoded = PemX509Certificate.d(abstractByteBufAllocator, x509CertificateArr);
                j6 = A(abstractByteBufAllocator, pemEncoded.a());
                try {
                    long A4 = A(abstractByteBufAllocator, pemEncoded.a());
                    if (privateKey != null) {
                        try {
                            j7 = C(abstractByteBufAllocator, privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e4) {
                            e = e4;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j5 = A4;
                            n(j7);
                            n(j6);
                            n(j5);
                            if (pemEncoded != null) {
                                pemEncoded.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j3, j6, j7, "");
                        SSLContext.setCertificateChainBio(j3, A4, true);
                        n(j7);
                        n(j6);
                        n(A4);
                        pemEncoded.release();
                    } catch (SSLException e5) {
                    } catch (Exception e6) {
                        e = e6;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e7) {
                } catch (Exception e8) {
                    e = e8;
                } catch (Throwable th2) {
                    th = th2;
                    j5 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e9) {
        } catch (Exception e10) {
            e = e10;
        } catch (Throwable th4) {
            th = th4;
            j5 = 0;
            j6 = 0;
        }
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted a() {
        this.H.a();
        return this;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final boolean f() {
        return true;
    }

    @Override // io.netty.util.ReferenceCounted
    public final int f0() {
        AbstractReferenceCounted abstractReferenceCounted = this.H;
        abstractReferenceCounted.getClass();
        return AbstractReferenceCounted.f22667x.c(abstractReferenceCounted);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine h(ByteBufAllocator byteBufAllocator) {
        return s(byteBufAllocator, true);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SslHandler i(ByteBufAllocator byteBufAllocator) {
        return new SslHandler(s(byteBufAllocator, false));
    }

    public final OpenSslApplicationProtocolNegotiator j() {
        return this.f22519x;
    }

    public final void m() {
        Lock writeLock = this.K.writeLock();
        writeLock.lock();
        try {
            long j3 = this.f22518b;
            if (j3 != 0) {
                SSLContext.free(j3);
                this.f22518b = 0L;
                OpenSslSessionContext v = v();
                if (v != null) {
                    v.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted o() {
        ((AnonymousClass2) this.H).t(null);
        return this;
    }

    public final int q() {
        return this.f22517L;
    }

    @Override // io.netty.util.ReferenceCounted
    public final boolean release() {
        return this.H.release();
    }

    public SSLEngine s(ByteBufAllocator byteBufAllocator, boolean z) {
        return new ReferenceCountedOpenSslEngine(this, byteBufAllocator, z, true);
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted t(Object obj) {
        ((AnonymousClass2) this.H).t(obj);
        return this;
    }

    public abstract OpenSslSessionContext v();
}
