package io.grpc.netty.shaded.io.netty.handler.ssl;

import io.grpc.netty.shaded.io.netty.handler.ssl.i0;
import io.grpc.netty.shaded.io.netty.internal.tcnative.CertificateCallback;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SniHostNameMatcher;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.concurrent.locks.Lock;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class k0 extends i0 {

    /* renamed from: x, reason: collision with root package name */
    public static final byte[] f20516x;

    /* renamed from: y, reason: collision with root package name */
    public static final boolean f20517y;

    /* renamed from: w, reason: collision with root package name */
    public final a7.n f20518w;

    /* loaded from: classes.dex */
    public static final class a extends i0.c {
        public a(a7.j jVar, X509ExtendedTrustManager x509ExtendedTrustManager) {
            super(jVar);
            c0.a(x509ExtendedTrustManager);
        }
    }

    /* loaded from: classes.dex */
    public static final class b implements CertificateCallback {
        public b(a7.j jVar, a7.l lVar) {
        }
    }

    /* loaded from: classes.dex */
    public static final class c implements SniHostNameMatcher {
        public c(a7.j jVar) {
        }
    }

    /* loaded from: classes.dex */
    public static final class d extends i0.c {
        public d(a7.j jVar, X509TrustManager x509TrustManager) {
            super(jVar);
        }
    }

    static {
        g7.b.a(k0.class.getName());
        f20516x = new byte[]{110, 101, 116, 116, 121};
        f20517y = f7.u.c("jdk.tls.server.enableSessionTicketExtension", false);
    }

    public k0(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, a7.d dVar, io.grpc.netty.shaded.io.netty.handler.ssl.a aVar, long j10, long j11, io.grpc.netty.shaded.io.netty.handler.ssl.b bVar, String[] strArr, boolean z10, boolean z11, String str2) throws SSLException {
        super(iterable, dVar, i0.E(aVar), j10, j11, 1, (Certificate[]) x509CertificateArr2, bVar, strArr, z10, z11, true);
        try {
            a7.n F = F(this, this.f20458d, this.f20468n, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, str2);
            this.f20518w = F;
            if (f20517y) {
                F.a(new a7.p[0]);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    public static a7.n F(i0 i0Var, long j10, a7.j jVar, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, String str2) throws SSLException {
        z zVar;
        try {
            try {
                SSLContext.setVerify(j10, 0, 10);
                if (r.f20607g) {
                    if (keyManagerFactory == null) {
                        char[] n10 = l0.n(str);
                        KeyStore f10 = l0.f(x509CertificateArr2, privateKey, n10, str2);
                        KeyManagerFactory e0Var = f10.aliases().hasMoreElements() ? new e0() : new a7.i(KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()));
                        e0Var.init(f10, n10);
                        keyManagerFactory = e0Var;
                    }
                    zVar = i0.y(keyManagerFactory, str);
                    try {
                        try {
                            SSLContext.setCertificateCallback(j10, new b(jVar, new a7.l(zVar)));
                        } catch (Exception e10) {
                            e = e10;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    } catch (Throwable th) {
                        th = th;
                        if (zVar != null) {
                            zVar.b();
                        }
                        throw th;
                    }
                } else {
                    if (keyManagerFactory != null) {
                        throw new IllegalArgumentException("KeyManagerFactory not supported");
                    }
                    Objects.requireNonNull(x509CertificateArr2, "keyCertChain");
                    i0.A(j10, x509CertificateArr2, privateKey, str);
                    zVar = null;
                }
                try {
                    if (x509CertificateArr != null) {
                        trustManagerFactory = l0.g(x509CertificateArr, trustManagerFactory, str2);
                    } else if (trustManagerFactory == null) {
                        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init((KeyStore) null);
                    }
                    X509TrustManager t10 = i0.t(trustManagerFactory.getTrustManagers());
                    G(j10, jVar, t10);
                    X509Certificate[] acceptedIssuers = t10.getAcceptedIssuers();
                    if (acceptedIssuers != null && acceptedIssuers.length > 0) {
                        long j11 = 0;
                        try {
                            j11 = i0.D(m6.d.f31531a, acceptedIssuers);
                            if (!SSLContext.setCACertificateBio(j10, j11)) {
                                throw new SSLException("unable to setup accepted issuers for trustmanager " + t10);
                            }
                        } finally {
                            i0.v(j11);
                        }
                    }
                    g7.a aVar = f7.o.f17692a;
                    if (io.grpc.netty.shaded.io.netty.util.internal.f.f20862g >= 8) {
                        SSLContext.setSniHostnameMatcher(j10, new c(jVar));
                    }
                    a7.n nVar = new a7.n(i0Var, zVar);
                    byte[] bArr = f20516x;
                    Lock writeLock = i0Var.f20469o.writeLock();
                    writeLock.lock();
                    try {
                        SSLContext.setSessionIdContext(i0Var.f20458d, bArr);
                        return nVar;
                    } finally {
                        writeLock.unlock();
                    }
                } catch (SSLException e11) {
                    throw e11;
                } catch (Exception e12) {
                    throw new SSLException("unable to setup trustmanager", e12);
                }
            } catch (Throwable th2) {
                th = th2;
                zVar = null;
            }
        } catch (Exception e13) {
            e = e13;
        }
    }

    public static void G(long j10, a7.j jVar, X509TrustManager x509TrustManager) {
        g7.a aVar = f7.o.f17692a;
        if (io.grpc.netty.shaded.io.netty.util.internal.f.f20862g >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager)) {
            SSLContext.setCertVerifyCallback(j10, new a(jVar, (X509ExtendedTrustManager) x509TrustManager));
        } else {
            SSLContext.setCertVerifyCallback(j10, new d(jVar, x509TrustManager));
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.i0
    public a7.o z() {
        return this.f20518w;
    }
}
