package c.a.u1.a.a.b.c.d;

import c.a.u1.a.a.b.c.d.b;
import io.grpc.netty.shaded.io.netty.internal.tcnative.CertificateVerifier;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSL;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public abstract class d1 extends j1 implements c.a.u1.a.a.b.e.s {
    private static final Integer v;

    /* renamed from: f, reason: collision with root package name */
    protected long f2824f;

    /* renamed from: g, reason: collision with root package name */
    private final List<String> f2825g;
    private final d0 h;
    private final int i;
    private final c.a.u1.a.a.b.e.w<d1> j;
    private final c.a.u1.a.a.b.e.b k;
    final Certificate[] l;
    final c.a.u1.a.a.b.c.d.g m;
    final String[] n;
    final boolean o;
    final k0 p;
    final ReadWriteLock q;
    private volatile int r;
    private static final c.a.u1.a.a.b.e.b0.f0.d s = c.a.u1.a.a.b.e.b0.f0.e.b(d1.class);
    private static final int t = ((Integer) AccessController.doPrivileged(new a())).intValue();
    private static final boolean u = c.a.u1.a.a.b.e.b0.a0.d("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.useTasks", false);
    private static final c.a.u1.a.a.b.e.t<d1> w = c.a.u1.a.a.b.e.u.b().c(d1.class);
    static final d0 x = new c();

    /* loaded from: classes2.dex */
    static class a implements PrivilegedAction<Integer> {
        a() {
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Integer run() {
            return Integer.valueOf(Math.max(1, c.a.u1.a.a.b.e.b0.a0.e("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048)));
        }
    }

    /* loaded from: classes2.dex */
    class b extends c.a.u1.a.a.b.e.b {
        b() {
        }

        @Override // c.a.u1.a.a.b.e.b
        protected void a() {
            d1.this.B();
            if (d1.this.j != null) {
                d1.this.j.a(d1.this);
            }
        }

        @Override // c.a.u1.a.a.b.e.s
        public c.a.u1.a.a.b.e.s l(Object obj) {
            if (d1.this.j != null) {
                d1.this.j.c(obj);
            }
            return d1.this;
        }
    }

    /* loaded from: classes2.dex */
    static class c implements d0 {
        c() {
        }

        @Override // c.a.u1.a.a.b.c.d.d0
        public b.a a() {
            return b.a.NONE;
        }

        @Override // c.a.u1.a.a.b.c.d.d0
        public b.c b() {
            return b.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // c.a.u1.a.a.b.c.d.c
        public List<String> c() {
            return Collections.emptyList();
        }

        @Override // c.a.u1.a.a.b.c.d.d0
        public b.EnumC0083b g() {
            return b.EnumC0083b.ACCEPT;
        }
    }

    /* loaded from: classes2.dex */
    static class d implements PrivilegedAction<String> {
        d() {
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public String run() {
            return c.a.u1.a.a.b.e.b0.a0.b("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class e {
        static final /* synthetic */ int[] a;

        /* renamed from: b, reason: collision with root package name */
        static final /* synthetic */ int[] f2826b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f2827c;

        static {
            int[] iArr = new int[b.EnumC0083b.values().length];
            f2827c = iArr;
            try {
                iArr[b.EnumC0083b.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f2827c[b.EnumC0083b.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[b.c.values().length];
            f2826b = iArr2;
            try {
                iArr2[b.c.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f2826b[b.c.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[b.a.values().length];
            a = iArr3;
            try {
                iArr3[b.a.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                a[b.a.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                a[b.a.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                a[b.a.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes2.dex */
    static abstract class f extends CertificateVerifier {
        /* JADX INFO: Access modifiers changed from: package-private */
        public f(k0 k0Var) {
        }
    }

    /* loaded from: classes2.dex */
    private static final class g implements k0 {
        private final Map<Long, e1> a;

        private g() {
            this.a = c.a.u1.a.a.b.e.b0.r.e0();
        }

        /* synthetic */ g(a aVar) {
            this();
        }

        @Override // c.a.u1.a.a.b.c.d.k0
        public void a(e1 e1Var) {
            this.a.put(Long.valueOf(e1Var.l0()), e1Var);
        }

        @Override // c.a.u1.a.a.b.c.d.k0
        public e1 b(long j) {
            return this.a.remove(Long.valueOf(j));
        }
    }

    static {
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new d());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    s.j("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        v = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public d1(Iterable<String> iterable, c.a.u1.a.a.b.c.d.f fVar, c.a.u1.a.a.b.c.d.b bVar, long j, long j2, int i, Certificate[] certificateArr, c.a.u1.a.a.b.c.d.g gVar, String[] strArr, boolean z, boolean z2, boolean z3) {
        this(iterable, fVar, P(bVar), j, j2, i, certificateArr, gVar, strArr, z, z2, z3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public d1(Iterable<String> iterable, c.a.u1.a.a.b.c.d.f fVar, d0 d0Var, long j, long j2, int i, Certificate[] certificateArr, c.a.u1.a.a.b.c.d.g gVar, String[] strArr, boolean z, boolean z2, boolean z3) {
        super(z);
        c.a.u1.a.a.b.c.d.g gVar2;
        long j3;
        this.k = new b();
        this.p = new g(0 == true ? 1 : 0);
        this.q = new ReentrantReadWriteLock();
        this.r = t;
        c0.d();
        if (z2 && !c0.j()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.j = z3 ? w.k(this) : null;
        this.i = i;
        if (k()) {
            c.a.u1.a.a.b.e.b0.p.a(gVar, "clientAuth");
            gVar2 = gVar;
        } else {
            gVar2 = c.a.u1.a.a.b.c.d.g.NONE;
        }
        this.m = gVar2;
        this.n = strArr;
        this.o = z2;
        this.l = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        c.a.u1.a.a.b.e.b0.p.a(fVar, "cipherFilter");
        List<String> asList = Arrays.asList(fVar.a(iterable, c0.f2819c, c0.a()));
        this.f2825g = asList;
        c.a.u1.a.a.b.e.b0.p.a(d0Var, "apn");
        this.h = d0Var;
        try {
            try {
                this.f2824f = SSLContext.make(c0.k() ? 62 : 30, i);
                boolean k = c0.k();
                StringBuilder sb = new StringBuilder();
                StringBuilder sb2 = new StringBuilder();
                try {
                    try {
                        if (asList.isEmpty()) {
                            SSLContext.setCipherSuite(this.f2824f, "", false);
                            if (k) {
                                SSLContext.setCipherSuite(this.f2824f, "", true);
                            }
                        } else {
                            c.a.u1.a.a.b.c.d.e.c(asList, sb, sb2, c0.h());
                            SSLContext.setCipherSuite(this.f2824f, sb.toString(), false);
                            if (k) {
                                SSLContext.setCipherSuite(this.f2824f, sb2.toString(), true);
                            }
                        }
                        int options = SSLContext.getOptions(this.f2824f);
                        int i2 = SSL.f11591b;
                        int i3 = SSL.f11592c;
                        int i4 = options | i2 | i3 | SSL.f11596g | SSL.a | SSL.i | SSL.h;
                        SSLContext.setOptions(this.f2824f, sb.length() == 0 ? i4 | i2 | i3 | SSL.f11593d | SSL.f11594e | SSL.f11595f : i4);
                        long j4 = this.f2824f;
                        SSLContext.setMode(j4, SSLContext.getMode(j4) | SSL.k);
                        Integer num = v;
                        if (num != null) {
                            SSLContext.setTmpDHLength(this.f2824f, num.intValue());
                        }
                        List<String> c2 = d0Var.c();
                        if (!c2.isEmpty()) {
                            String[] strArr2 = (String[]) c2.toArray(new String[0]);
                            int H = H(d0Var.b());
                            int i5 = e.a[d0Var.a().ordinal()];
                            if (i5 != 1) {
                                if (i5 == 2) {
                                    j3 = this.f2824f;
                                } else {
                                    if (i5 != 3) {
                                        throw new Error();
                                    }
                                    SSLContext.setNpnProtos(this.f2824f, strArr2, H);
                                    j3 = this.f2824f;
                                }
                                SSLContext.setAlpnProtos(j3, strArr2, H);
                            } else {
                                SSLContext.setNpnProtos(this.f2824f, strArr2, H);
                            }
                        }
                        SSLContext.setSessionCacheSize(this.f2824f, j <= 0 ? SSLContext.setSessionCacheSize(this.f2824f, 20480L) : j);
                        SSLContext.setSessionCacheTimeout(this.f2824f, j2 <= 0 ? SSLContext.setSessionCacheTimeout(this.f2824f, 300L) : j2);
                        if (z2) {
                            SSLContext.enableOcsp(this.f2824f, j());
                        }
                        SSLContext.setUseTasks(this.f2824f, u);
                    } catch (Exception e2) {
                        throw new SSLException("failed to set cipher suite: " + this.f2825g, e2);
                    }
                } catch (SSLException e3) {
                    throw e3;
                }
            } catch (Exception e4) {
                throw new SSLException("failed to create an SSL_CTX", e4);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void B() {
        Lock writeLock = this.q.writeLock();
        writeLock.lock();
        try {
            long j = this.f2824f;
            if (j != 0) {
                if (this.o) {
                    SSLContext.disableOcsp(j);
                }
                SSLContext.free(this.f2824f);
                this.f2824f = 0L;
                t0 K = K();
                if (K != null) {
                    K.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void C(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    private static long F(c.a.u1.a.a.b.b.j jVar) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int f2 = jVar.f2();
            if (SSL.bioWrite(newMemBIO, c0.m(jVar) + jVar.g2(), f2) == f2) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            jVar.release();
        }
    }

    private static int H(b.c cVar) {
        int i = e.f2826b[cVar.ordinal()];
        if (i == 1) {
            return 0;
        }
        if (i == 2) {
            return 1;
        }
        throw new Error();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static o0 I(KeyManagerFactory keyManagerFactory, String str) {
        if (keyManagerFactory instanceof w0) {
            return ((w0) keyManagerFactory).c();
        }
        X509KeyManager z = z(keyManagerFactory.getKeyManagers());
        return keyManagerFactory instanceof f0 ? new e0(z, str) : new o0(z, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void L(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) {
        long j2;
        long j3;
        long M;
        long j4 = 0;
        y0 y0Var = null;
        try {
            try {
                c.a.u1.a.a.b.b.k kVar = c.a.u1.a.a.b.b.k.a;
                y0Var = b1.d(kVar, true, x509CertificateArr);
                j3 = M(kVar, y0Var.e());
                try {
                    M = M(kVar, y0Var.e());
                    if (privateKey != null) {
                        try {
                            j4 = N(kVar, privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                } catch (SSLException e4) {
                    throw e4;
                } catch (Exception e5) {
                    e = e5;
                } catch (Throwable th) {
                    th = th;
                    j2 = 0;
                }
            } catch (Throwable th2) {
                th = th2;
            }
            try {
                SSLContext.setCertificateBio(j, j3, j4, str == null ? "" : str);
                SSLContext.setCertificateChainBio(j, M, true);
                C(j4);
                C(j3);
                C(M);
                if (y0Var != null) {
                    y0Var.release();
                }
            } catch (SSLException e6) {
            } catch (Exception e7) {
                e = e7;
                throw new SSLException("failed to set certificate and key", e);
            } catch (Throwable th3) {
                th = th3;
                j2 = M;
                C(j4);
                C(j3);
                C(j2);
                if (y0Var != null) {
                    y0Var.release();
                }
                throw th;
            }
        } catch (SSLException e8) {
            throw e8;
        } catch (Exception e9) {
            e = e9;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long M(c.a.u1.a.a.b.b.k kVar, y0 y0Var) {
        try {
            c.a.u1.a.a.b.b.j o = y0Var.o();
            if (o.C1()) {
                return F(o.k2());
            }
            c.a.u1.a.a.b.b.j g2 = kVar.g(o.f2());
            try {
                g2.M2(o, o.g2(), o.f2());
                long F = F(g2.k2());
                try {
                    if (y0Var.X()) {
                        p1.q(g2);
                    }
                    return F;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (y0Var.X()) {
                        p1.q(g2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            y0Var.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long N(c.a.u1.a.a.b.b.k kVar, PrivateKey privateKey) {
        if (privateKey == null) {
            return 0L;
        }
        y0 k = z0.k(kVar, true, privateKey);
        try {
            return M(kVar, k.e());
        } finally {
            k.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long O(c.a.u1.a.a.b.b.k kVar, X509Certificate... x509CertificateArr) {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        y0 d2 = b1.d(kVar, true, x509CertificateArr);
        try {
            return M(kVar, d2.e());
        } finally {
            d2.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static d0 P(c.a.u1.a.a.b.c.d.b bVar) {
        if (bVar == null) {
            return x;
        }
        int i = e.a[bVar.a().ordinal()];
        if (i != 1 && i != 2 && i != 3) {
            if (i == 4) {
                return x;
            }
            throw new Error();
        }
        int i2 = e.f2827c[bVar.b().ordinal()];
        if (i2 != 1 && i2 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.b() + " behavior");
        }
        int i3 = e.f2826b[bVar.c().ordinal()];
        if (i3 == 1 || i3 == 2) {
            return new i0(bVar);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean Q(X509TrustManager x509TrustManager) {
        return c.a.u1.a.a.b.e.b0.r.a0() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager x(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return x0.c((X509TrustManager) trustManager);
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager z(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public int D() {
        return this.r;
    }

    @Override // c.a.u1.a.a.b.e.s
    public final int E() {
        return this.k.E();
    }

    SSLEngine G(c.a.u1.a.a.b.b.k kVar, String str, int i, boolean z) {
        return new e1(this, kVar, str, i, z, true);
    }

    public abstract t0 K();

    @Override // c.a.u1.a.a.b.e.s
    public final c.a.u1.a.a.b.e.s e() {
        this.k.e();
        return this;
    }

    @Override // c.a.u1.a.a.b.c.d.j1
    public final boolean j() {
        return this.i == 0;
    }

    @Override // c.a.u1.a.a.b.e.s
    public final c.a.u1.a.a.b.e.s l(Object obj) {
        this.k.l(obj);
        return this;
    }

    @Override // c.a.u1.a.a.b.c.d.j1
    public final SSLEngine r(c.a.u1.a.a.b.b.k kVar, String str, int i) {
        return G(kVar, str, i, true);
    }

    @Override // c.a.u1.a.a.b.e.s
    public final boolean release() {
        return this.k.release();
    }

    public c.a.u1.a.a.b.c.d.c w() {
        return this.h;
    }
}
