package io.grpc.netty.shaded.io.netty.handler.ssl;

import io.grpc.netty.shaded.io.netty.handler.ssl.a;
import io.grpc.netty.shaded.io.netty.handler.ssl.e0;
import io.grpc.netty.shaded.io.netty.internal.tcnative.CertificateVerifier;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSL;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import j$.util.concurrent.ConcurrentHashMap;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public abstract class i0 extends l0 implements d7.m {

    /* renamed from: t, reason: collision with root package name */
    public static final Integer f20455t;

    /* renamed from: d, reason: collision with root package name */
    public long f20458d;

    /* renamed from: e, reason: collision with root package name */
    public final List<String> f20459e;

    /* renamed from: f, reason: collision with root package name */
    public final s f20460f;

    /* renamed from: g, reason: collision with root package name */
    public final int f20461g;

    /* renamed from: h, reason: collision with root package name */
    public final d7.q<i0> f20462h;

    /* renamed from: i, reason: collision with root package name */
    public final d7.b f20463i;

    /* renamed from: j, reason: collision with root package name */
    public final Certificate[] f20464j;

    /* renamed from: k, reason: collision with root package name */
    public final io.grpc.netty.shaded.io.netty.handler.ssl.b f20465k;

    /* renamed from: l, reason: collision with root package name */
    public final String[] f20466l;

    /* renamed from: m, reason: collision with root package name */
    public final boolean f20467m;

    /* renamed from: n, reason: collision with root package name */
    public final a7.j f20468n;

    /* renamed from: o, reason: collision with root package name */
    public final ReadWriteLock f20469o;

    /* renamed from: p, reason: collision with root package name */
    public volatile int f20470p;

    /* renamed from: q, reason: collision with root package name */
    public static final g7.a f20452q = g7.b.a(i0.class.getName());

    /* renamed from: r, reason: collision with root package name */
    public static final int f20453r = Math.max(1, f7.u.d("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));

    /* renamed from: s, reason: collision with root package name */
    public static final boolean f20454s = f7.u.c("io.grpc.netty.shaded.io.netty.handler.ssl.openssl.useTasks", false);

    /* renamed from: u, reason: collision with root package name */
    public static final d7.n<i0> f20456u = d7.o.f17046b.a(i0.class);

    /* renamed from: v, reason: collision with root package name */
    public static final s f20457v = new b();

    /* loaded from: classes.dex */
    public class a extends d7.b {
        public a() {
        }

        @Override // d7.b
        public void a() {
            z zVar;
            i0 i0Var = i0.this;
            Lock writeLock = i0Var.f20469o.writeLock();
            writeLock.lock();
            try {
                long j10 = i0Var.f20458d;
                if (j10 != 0) {
                    if (i0Var.f20467m) {
                        SSLContext.disableOcsp(j10);
                    }
                    SSLContext.free(i0Var.f20458d);
                    i0Var.f20458d = 0L;
                    a7.o z10 = i0Var.z();
                    if (z10 != null && (zVar = z10.f54a) != null) {
                        zVar.b();
                    }
                }
                writeLock.unlock();
                i0 i0Var2 = i0.this;
                d7.q<i0> qVar = i0Var2.f20462h;
                if (qVar != null) {
                    qVar.a(i0Var2);
                }
            } catch (Throwable th) {
                writeLock.unlock();
                throw th;
            }
        }

        @Override // d7.m
        public d7.m b(Object obj) {
            d7.q<i0> qVar = i0.this.f20462h;
            if (qVar != null) {
                qVar.c(obj);
            }
            return i0.this;
        }
    }

    /* loaded from: classes.dex */
    public static class b implements s {
        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.s
        public a.EnumC0212a a() {
            return a.EnumC0212a.NONE;
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.s
        public a.c b() {
            return a.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // a7.b
        public List<String> c() {
            return Collections.emptyList();
        }

        @Override // io.grpc.netty.shaded.io.netty.handler.ssl.s
        public a.b g() {
            return a.b.ACCEPT;
        }
    }

    /* loaded from: classes.dex */
    public static abstract class c extends CertificateVerifier {
        public c(a7.j jVar) {
        }
    }

    /* loaded from: classes.dex */
    public static final class d implements a7.j {

        /* renamed from: a, reason: collision with root package name */
        public final Map<Long, j0> f20472a;

        public d(a aVar) {
            g7.a aVar2 = f7.o.f17692a;
            this.f20472a = new ConcurrentHashMap();
        }
    }

    static {
        Integer num = null;
        try {
            String b10 = f7.u.b("jdk.tls.ephemeralDHKeySize", null);
            if (b10 != null) {
                try {
                    num = Integer.valueOf(b10);
                } catch (NumberFormatException unused) {
                    f20452q.m("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b10);
                }
            }
        } catch (Throwable unused2) {
        }
        f20455t = num;
    }

    public i0(Iterable<String> iterable, a7.d dVar, io.grpc.netty.shaded.io.netty.handler.ssl.a aVar, long j10, long j11, int i10, Certificate[] certificateArr, io.grpc.netty.shaded.io.netty.handler.ssl.b bVar, String[] strArr, boolean z10, boolean z11, boolean z12) throws SSLException {
        this(iterable, dVar, E(aVar), j10, j11, i10, certificateArr, bVar, strArr, z10, z11, z12);
    }

    public i0(Iterable<String> iterable, a7.d dVar, s sVar, long j10, long j11, int i10, Certificate[] certificateArr, io.grpc.netty.shaded.io.netty.handler.ssl.b bVar, String[] strArr, boolean z10, boolean z11, boolean z12) throws SSLException {
        super(z10);
        io.grpc.netty.shaded.io.netty.handler.ssl.b bVar2;
        this.f20463i = new a();
        this.f20468n = new d(null);
        this.f20469o = new ReentrantReadWriteLock();
        this.f20470p = f20453r;
        Throwable th = r.f20602b;
        if (th != null) {
            throw ((Error) new UnsatisfiedLinkError("failed to load the required native library").initCause(th));
        }
        if (z11 && !r.f20608h) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i10 != 1 && i10 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.f20462h = z12 ? f20456u.c(this) : null;
        this.f20461g = i10;
        if (k()) {
            Objects.requireNonNull(bVar, "clientAuth");
            bVar2 = bVar;
        } else {
            bVar2 = io.grpc.netty.shaded.io.netty.handler.ssl.b.NONE;
        }
        this.f20465k = bVar2;
        this.f20466l = strArr;
        this.f20467m = z11;
        this.f20464j = certificateArr != null ? (Certificate[]) certificateArr.clone() : null;
        Objects.requireNonNull(dVar, "cipherFilter");
        List<String> asList = Arrays.asList(dVar.a(iterable, r.f20603c, r.f20606f));
        this.f20459e = asList;
        Objects.requireNonNull(sVar, "apn");
        this.f20460f = sVar;
        try {
            boolean z13 = r.f20609i;
            try {
                this.f20458d = SSLContext.make(z13 ? 62 : 30, i10);
                StringBuilder sb = new StringBuilder();
                StringBuilder sb2 = new StringBuilder();
                try {
                    int i11 = 0;
                    if (asList.isEmpty()) {
                        SSLContext.setCipherSuite(this.f20458d, "", false);
                        if (z13) {
                            SSLContext.setCipherSuite(this.f20458d, "", true);
                        }
                    } else {
                        a7.c.a(asList, sb, sb2, r.f20610j);
                        SSLContext.setCipherSuite(this.f20458d, sb.toString(), false);
                        if (z13) {
                            SSLContext.setCipherSuite(this.f20458d, sb2.toString(), true);
                        }
                    }
                    int options = SSLContext.getOptions(this.f20458d);
                    int i12 = SSL.f20623b;
                    int i13 = SSL.f20624c;
                    int i14 = options | i12 | i13 | SSL.f20622a | SSL.f20630i | SSL.f20629h;
                    SSLContext.setOptions(this.f20458d, sb.length() == 0 ? i14 | i12 | i13 | SSL.f20625d | SSL.f20626e | SSL.f20627f : i14);
                    long j12 = this.f20458d;
                    SSLContext.setMode(j12, SSLContext.getMode(j12) | SSL.f20632k);
                    Integer num = f20455t;
                    if (num != null) {
                        SSLContext.setTmpDHLength(this.f20458d, num.intValue());
                    }
                    List<String> c10 = sVar.c();
                    if (!c10.isEmpty()) {
                        String[] strArr2 = (String[]) c10.toArray(new String[0]);
                        int ordinal = sVar.b().ordinal();
                        if (ordinal != 1) {
                            if (ordinal != 2) {
                                throw new Error();
                            }
                            i11 = 1;
                        }
                        int ordinal2 = sVar.a().ordinal();
                        if (ordinal2 == 1) {
                            SSLContext.setNpnProtos(this.f20458d, strArr2, i11);
                        } else if (ordinal2 == 2) {
                            SSLContext.setAlpnProtos(this.f20458d, strArr2, i11);
                        } else {
                            if (ordinal2 != 3) {
                                throw new Error();
                            }
                            SSLContext.setNpnProtos(this.f20458d, strArr2, i11);
                            SSLContext.setAlpnProtos(this.f20458d, strArr2, i11);
                        }
                    }
                    SSLContext.setSessionCacheSize(this.f20458d, j10 <= 0 ? SSLContext.setSessionCacheSize(this.f20458d, 20480L) : j10);
                    SSLContext.setSessionCacheTimeout(this.f20458d, j11 <= 0 ? SSLContext.setSessionCacheTimeout(this.f20458d, 300L) : j11);
                    if (z11) {
                        SSLContext.enableOcsp(this.f20458d, j());
                    }
                    SSLContext.setUseTasks(this.f20458d, f20454s);
                } catch (SSLException e10) {
                    throw e10;
                } catch (Exception e11) {
                    throw new SSLException("failed to set cipher suite: " + this.f20459e, e11);
                }
            } catch (Exception e12) {
                throw new SSLException("failed to create an SSL_CTX", e12);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    public static void A(long j10, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        long j11;
        long j12;
        long j13 = 0;
        a7.q qVar = null;
        try {
            try {
                m6.d dVar = m6.d.f31531a;
                qVar = g0.c(dVar, true, x509CertificateArr);
                j12 = B(dVar, qVar.d());
                try {
                    long B = B(dVar, qVar.d());
                    if (privateKey != null) {
                        try {
                            j13 = C(dVar, privateKey);
                        } catch (SSLException e10) {
                            throw e10;
                        } catch (Exception e11) {
                            e = e11;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j10, j12, j13, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j10, B, true);
                        v(j13);
                        v(j12);
                        v(B);
                        qVar.release();
                    } catch (SSLException e12) {
                        throw e12;
                    } catch (Exception e13) {
                        e = e13;
                        throw new SSLException("failed to set certificate and key", e);
                    } catch (Throwable th) {
                        th = th;
                        j11 = B;
                        v(j13);
                        v(j12);
                        v(j11);
                        if (qVar != null) {
                            qVar.release();
                        }
                        throw th;
                    }
                } catch (SSLException e14) {
                    throw e14;
                } catch (Exception e15) {
                    e = e15;
                } catch (Throwable th2) {
                    th = th2;
                    j11 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e16) {
            throw e16;
        } catch (Exception e17) {
            e = e17;
        } catch (Throwable th4) {
            th = th4;
            j11 = 0;
            j12 = 0;
        }
    }

    public static long B(m6.d dVar, a7.q qVar) throws Exception {
        try {
            io.grpc.netty.shaded.io.netty.buffer.g h10 = qVar.h();
            if (h10.T0()) {
                return w(h10.I1());
            }
            io.grpc.netty.shaded.io.netty.buffer.g d10 = dVar.d(h10.D1());
            try {
                d10.l2(h10, h10.E1(), h10.D1());
                long w10 = w(d10.I1());
                try {
                    if (qVar.q()) {
                        a7.z.h(d10);
                    }
                    return w10;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (qVar.q()) {
                        a7.z.h(d10);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            qVar.release();
        }
    }

    public static long C(m6.d dVar, PrivateKey privateKey) throws Exception {
        a7.q qVar;
        if (privateKey == null) {
            return 0L;
        }
        byte[] bArr = a7.r.f56h;
        if (privateKey instanceof a7.q) {
            qVar = ((a7.q) privateKey).d();
        } else {
            byte[] encoded = privateKey.getEncoded();
            if (encoded == null) {
                throw new IllegalArgumentException(privateKey.getClass().getName() + " does not support encoding");
            }
            io.grpc.netty.shaded.io.netty.buffer.g e10 = m6.q.e(encoded);
            try {
                io.grpc.netty.shaded.io.netty.buffer.g f10 = a7.z.f(dVar, e10);
                try {
                    byte[] bArr2 = a7.r.f56h;
                    int length = bArr2.length + f10.D1();
                    byte[] bArr3 = a7.r.f57i;
                    io.grpc.netty.shaded.io.netty.buffer.g d10 = dVar.d(length + bArr3.length);
                    try {
                        d10.n2(bArr2);
                        d10.j2(f10);
                        d10.n2(bArr3);
                        a7.s sVar = new a7.s(d10, true);
                        a7.z.h(e10);
                        e10.release();
                        qVar = sVar;
                    } catch (Throwable th) {
                        a7.z.h(d10);
                        d10.release();
                        throw th;
                    }
                } finally {
                    a7.z.h(f10);
                    f10.release();
                }
            } catch (Throwable th2) {
                a7.z.h(e10);
                e10.release();
                throw th2;
            }
        }
        try {
            return B(dVar, qVar.d());
        } finally {
            qVar.release();
        }
    }

    public static long D(m6.d dVar, X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        a7.q c10 = g0.c(dVar, true, x509CertificateArr);
        try {
            return B(dVar, c10.d());
        } finally {
            c10.release();
        }
    }

    public static s E(io.grpc.netty.shaded.io.netty.handler.ssl.a aVar) {
        int ordinal;
        if (aVar != null && (ordinal = aVar.f20379b.ordinal()) != 0) {
            if (ordinal != 1 && ordinal != 2 && ordinal != 3) {
                throw new Error();
            }
            int ordinal2 = aVar.f20381d.ordinal();
            if (ordinal2 != 0 && ordinal2 != 2) {
                throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.f20381d + " behavior");
            }
            int ordinal3 = aVar.f20380c.ordinal();
            if (ordinal3 == 1 || ordinal3 == 2) {
                return new w(aVar);
            }
            throw new UnsupportedOperationException("OpenSSL provider does not support " + aVar.f20380c + " behavior");
        }
        return f20457v;
    }

    public static X509TrustManager t(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                g7.a aVar = f7.o.f17692a;
                if (io.grpc.netty.shaded.io.netty.util.internal.f.f20862g < 7) {
                    return (X509TrustManager) trustManager;
                }
                return f0.f20426b.a((X509TrustManager) trustManager);
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager u(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    public static void v(long j10) {
        if (j10 != 0) {
            SSL.freeBIO(j10);
        }
    }

    public static long w(io.grpc.netty.shaded.io.netty.buffer.g gVar) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int D1 = gVar.D1();
            if (SSL.bioWrite(newMemBIO, r.e(gVar) + gVar.E1(), D1) == D1) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            gVar.release();
        }
    }

    public static z y(KeyManagerFactory keyManagerFactory, String str) {
        if (keyManagerFactory instanceof e0) {
            e0.a.C0215a c0215a = ((e0) keyManagerFactory).f20413a.f20415b;
            if (c0215a != null) {
                return new e0.a.C0215a.C0216a(c0215a.f20416a, c0215a.f20417b, c0215a.f20418c);
            }
            throw new IllegalStateException("engineInit(...) not called yet");
        }
        if (!(keyManagerFactory instanceof a7.i)) {
            return new z(u(keyManagerFactory.getKeyManagers()), str);
        }
        a7.i iVar = (a7.i) keyManagerFactory;
        X509KeyManager u10 = u(iVar.getKeyManagers());
        return "sun.security.ssl.X509KeyManagerImpl".equals(u10.getClass().getName()) ? new z(u10, str) : new a7.h(u(iVar.getKeyManagers()), str, iVar.f48a);
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.l0
    public a7.b a() {
        return this.f20460f;
    }

    @Override // d7.m
    public final d7.m b(Object obj) {
        this.f20463i.b(obj);
        return this;
    }

    @Override // d7.m
    public final d7.m d() {
        this.f20463i.d();
        return this;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.l0
    public final boolean j() {
        return this.f20461g == 0;
    }

    @Override // d7.m
    public final int m() {
        return this.f20463i.m();
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.l0
    public final SSLEngine p(m6.d dVar, String str, int i10) {
        return x(dVar, str, i10, true);
    }

    @Override // d7.m, a7.k
    public final boolean release() {
        return this.f20463i.release();
    }

    public SSLEngine x(m6.d dVar, String str, int i10, boolean z10) {
        return new j0(this, dVar, str, i10, z10, true);
    }

    public abstract a7.o z();
}
