package defpackage;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.PemPrivateKey;
import io.netty.handler.ssl.PemX509Certificate;
import io.netty.handler.ssl.ReferenceCountedOpenSslEngine;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.internal.PlatformDependent;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* compiled from: ReferenceCountedOpenSslContext.java */
/* loaded from: classes4.dex */
public abstract class jqx extends jrg implements jtp {
    private static final List<String> eRG;
    private static final Integer eSv;
    public final ClientAuth eRL;
    private final long eSA;
    private final jqg eSB;
    private final jsn eSC;
    public final Certificate[] eSD;
    public volatile boolean eSE;
    public final jql eSr;
    public volatile long eSw;
    long eSx;
    private final List<String> eSy;
    private final long eSz;
    private final jtt<jqx> evw;
    private final int mode;
    private static final jyn logger = jyo.M(jqx.class);
    private static final boolean eSu = ((Boolean) AccessController.doPrivileged(new jqy())).booleanValue();
    private static final ResourceLeakDetector<jqx> esI = jtq.bwy().F(jqx.class);
    static final jqg eSF = new jra();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    public static abstract class a implements CertificateVerifier {
        private final jql eSr;

        /* JADX INFO: Access modifiers changed from: package-private */
        public a(jql jqlVar) {
            this.eSr = jqlVar;
        }
    }

    /* compiled from: ReferenceCountedOpenSslContext.java */
    /* loaded from: classes4.dex */
    static final class b implements jql {
        private final Map<Long, ReferenceCountedOpenSslEngine> eSH;

        private b() {
            this.eSH = PlatformDependent.bxV();
        }

        /* synthetic */ b(jqy jqyVar) {
            this();
        }

        @Override // defpackage.jql
        public void a(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            this.eSH.put(Long.valueOf(referenceCountedOpenSslEngine.bvI()), referenceCountedOpenSslEngine);
        }

        @Override // defpackage.jql
        public ReferenceCountedOpenSslEngine gr(long j) {
            return this.eSH.remove(Long.valueOf(j));
        }
    }

    static {
        Integer num;
        String str;
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        eRG = Collections.unmodifiableList(arrayList);
        if (logger.isDebugEnabled()) {
            logger.debug("Default cipher suite (OpenSSL): " + arrayList);
        }
        try {
            str = (String) AccessController.doPrivileged(new jrb());
        } catch (Throwable th) {
            num = null;
        }
        if (str != null) {
            try {
                num = Integer.valueOf(str);
            } catch (NumberFormatException e) {
                logger.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
            }
            eSv = num;
        }
        num = null;
        eSv = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public jqx(Iterable<String> iterable, jpe jpeVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, boolean z, boolean z2) {
        this(iterable, jpeVar, a(applicationProtocolConfig), j, j2, i, certificateArr, clientAuth, z, z2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public jqx(Iterable<String> iterable, jpe jpeVar, jqg jqgVar, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, boolean z, boolean z2) {
        super(z);
        ArrayList arrayList;
        this.eSC = new jqz(this);
        this.eSr = new b(null);
        jqd.bvu();
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.evw = z2 ? esI.cJ(this) : null;
        this.mode = i;
        this.eRL = brV() ? (ClientAuth) jwx.f(clientAuth, "clientAuth") : ClientAuth.NONE;
        if (i == 1) {
            this.eSE = eSu;
        }
        this.eSD = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            ArrayList arrayList2 = new ArrayList();
            Iterator<String> it2 = iterable.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    arrayList = arrayList2;
                    break;
                }
                String next = it2.next();
                if (next == null) {
                    arrayList = arrayList2;
                    break;
                }
                String nk = jpd.nk(next);
                if (nk != null) {
                    next = nk;
                }
                arrayList2.add(next);
            }
        } else {
            arrayList = null;
        }
        this.eSy = Arrays.asList(((jpe) jwx.f(jpeVar, "cipherFilter")).a(arrayList, eRG, jqd.bvv()));
        this.eSB = (jqg) jwx.f(jqgVar, "apn");
        this.eSx = Pool.create(0L);
        try {
            synchronized (jqx.class) {
                try {
                    this.eSw = SSLContext.make(this.eSx, 31, i);
                    SSLContext.setOptions(this.eSw, 4095);
                    SSLContext.setOptions(this.eSw, 16777216);
                    SSLContext.setOptions(this.eSw, 33554432);
                    SSLContext.setOptions(this.eSw, 4194304);
                    SSLContext.setOptions(this.eSw, 524288);
                    SSLContext.setOptions(this.eSw, 1048576);
                    SSLContext.setOptions(this.eSw, 65536);
                    SSLContext.setOptions(this.eSw, 131072);
                    SSLContext.setOptions(this.eSw, 16384);
                    SSLContext.setMode(this.eSw, SSLContext.getMode(this.eSw) | 2);
                    if (eSv != null) {
                        SSLContext.setTmpDHLength(this.eSw, eSv.intValue());
                    }
                    try {
                        SSLContext.setCipherSuite(this.eSw, jpd.I(this.eSy));
                        List<String> bvh = jqgVar.bvh();
                        if (!bvh.isEmpty()) {
                            String[] strArr = (String[]) bvh.toArray(new String[bvh.size()]);
                            int a2 = a(jqgVar.bvf());
                            switch (jqgVar.bve()) {
                                case NPN:
                                    SSLContext.setNpnProtos(this.eSw, strArr, a2);
                                    break;
                                case ALPN:
                                    SSLContext.setAlpnProtos(this.eSw, strArr, a2);
                                    break;
                                case NPN_AND_ALPN:
                                    SSLContext.setNpnProtos(this.eSw, strArr, a2);
                                    SSLContext.setAlpnProtos(this.eSw, strArr, a2);
                                    break;
                                default:
                                    throw new Error();
                            }
                        }
                        if (j > 0) {
                            this.eSz = j;
                            SSLContext.setSessionCacheSize(this.eSw, j);
                        } else {
                            long sessionCacheSize = SSLContext.setSessionCacheSize(this.eSw, 20480L);
                            this.eSz = sessionCacheSize;
                            SSLContext.setSessionCacheSize(this.eSw, sessionCacheSize);
                        }
                        if (j2 > 0) {
                            this.eSA = j2;
                            SSLContext.setSessionCacheTimeout(this.eSw, j2);
                        } else {
                            long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.eSw, 300L);
                            this.eSA = sessionCacheTimeout;
                            SSLContext.setSessionCacheTimeout(this.eSw, sessionCacheTimeout);
                        }
                    } catch (SSLException e) {
                        throw e;
                    } catch (Exception e2) {
                        throw new SSLException("failed to set cipher suite: " + this.eSy, e2);
                    }
                } catch (Exception e3) {
                    throw new SSLException("failed to create an SSL_CTX", e3);
                }
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    private static int a(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        switch (selectorFailureBehavior) {
            case NO_ADVERTISE:
                return 0;
            case CHOOSE_MY_LAST_PROTOCOL:
                return 1;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(iwp iwpVar, jqt jqtVar) {
        long ab;
        try {
            iwo content = jqtVar.content();
            if (content.isDirect()) {
                ab = ab(content.bkF());
            } else {
                iwo qe = iwpVar.qe(content.bhy());
                try {
                    qe.b(content, content.bkm(), content.bhy());
                    ab = ab(qe.bkF());
                    try {
                        if (jqtVar.isSensitive()) {
                            jrt.ac(qe);
                        }
                    } finally {
                    }
                } catch (Throwable th) {
                    try {
                        if (jqtVar.isSensitive()) {
                            jrt.ac(qe);
                        }
                        throw th;
                    } finally {
                    }
                }
            }
            return ab;
        } finally {
            jqtVar.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(PrivateKey privateKey) {
        if (privateKey == null) {
            return 0L;
        }
        iwp iwpVar = iwp.esZ;
        jqt pem = PemPrivateKey.toPEM(iwpVar, true, privateKey);
        try {
            return a(iwpVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(X509Certificate... x509CertificateArr) {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        iwp iwpVar = iwp.esZ;
        jqt pem = PemX509Certificate.toPEM(iwpVar, true, x509CertificateArr);
        try {
            return a(iwpVar, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static jqg a(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return eSF;
        }
        switch (applicationProtocolConfig.bve()) {
            case NPN:
            case ALPN:
            case NPN_AND_ALPN:
                switch (applicationProtocolConfig.bvg()) {
                    case CHOOSE_MY_LAST_PROTOCOL:
                    case ACCEPT:
                        switch (applicationProtocolConfig.bvf()) {
                            case NO_ADVERTISE:
                            case CHOOSE_MY_LAST_PROTOCOL:
                                return new jqj(applicationProtocolConfig);
                            default:
                                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.bvf() + " behavior");
                        }
                    default:
                        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.bvg() + " behavior");
                }
            case NONE:
                return eSF;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:28:0x0063  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void a(long r16, java.security.cert.X509Certificate[] r18, java.security.PrivateKey r19, java.lang.String r20) {
        /*
            r12 = 0
            r4 = 0
            r6 = 0
            r3 = 0
            iwp r2 = defpackage.iwp.esZ     // Catch: javax.net.ssl.SSLException -> L4c java.lang.Exception -> L67 java.lang.Throwable -> L74
            r8 = 1
            r0 = r18
            jqt r9 = io.netty.handler.ssl.PemX509Certificate.toPEM(r2, r8, r0)     // Catch: javax.net.ssl.SSLException -> L4c java.lang.Exception -> L67 java.lang.Throwable -> L74
            iwp r2 = defpackage.iwp.esZ     // Catch: java.lang.Throwable -> L72 java.lang.Exception -> L7e javax.net.ssl.SSLException -> L87
            jqt r3 = r9.retain()     // Catch: java.lang.Throwable -> L72 java.lang.Exception -> L7e javax.net.ssl.SSLException -> L87
            long r4 = a(r2, r3)     // Catch: java.lang.Throwable -> L72 java.lang.Exception -> L7e javax.net.ssl.SSLException -> L87
            iwp r2 = defpackage.iwp.esZ     // Catch: java.lang.Throwable -> L72 java.lang.Exception -> L7e javax.net.ssl.SSLException -> L87
            jqt r3 = r9.retain()     // Catch: java.lang.Throwable -> L72 java.lang.Exception -> L7e javax.net.ssl.SSLException -> L87
            long r10 = a(r2, r3)     // Catch: java.lang.Throwable -> L72 java.lang.Exception -> L7e javax.net.ssl.SSLException -> L87
            if (r19 == 0) goto L9a
            long r6 = a(r19)     // Catch: java.lang.Throwable -> L77 java.lang.Exception -> L80 javax.net.ssl.SSLException -> L8e
        L2a:
            if (r20 != 0) goto L49
            java.lang.String r8 = ""
        L2f:
            r2 = r16
            org.apache.tomcat.jni.SSLContext.setCertificateBio(r2, r4, r6, r8)     // Catch: java.lang.Throwable -> L7a java.lang.Exception -> L83 javax.net.ssl.SSLException -> L94
            r2 = 1
            r0 = r16
            org.apache.tomcat.jni.SSLContext.setCertificateChainBio(r0, r10, r2)     // Catch: java.lang.Throwable -> L7a java.lang.Exception -> L83 javax.net.ssl.SSLException -> L94
            gs(r6)
            gs(r4)
            gs(r10)
            if (r9 == 0) goto L48
            r9.release()
        L48:
            return
        L49:
            r8 = r20
            goto L2f
        L4c:
            r2 = move-exception
            r8 = r12
            r14 = r4
            r4 = r6
            r6 = r14
        L51:
            throw r2     // Catch: java.lang.Throwable -> L52
        L52:
            r2 = move-exception
            r12 = r8
            r9 = r3
            r14 = r6
            r6 = r4
            r4 = r14
        L58:
            gs(r12)
            gs(r4)
            gs(r6)
            if (r9 == 0) goto L66
            r9.release()
        L66:
            throw r2
        L67:
            r2 = move-exception
            r9 = r3
        L69:
            javax.net.ssl.SSLException r3 = new javax.net.ssl.SSLException     // Catch: java.lang.Throwable -> L72
            java.lang.String r8 = "failed to set certificate and key"
            r3.<init>(r8, r2)     // Catch: java.lang.Throwable -> L72
            throw r3     // Catch: java.lang.Throwable -> L72
        L72:
            r2 = move-exception
            goto L58
        L74:
            r2 = move-exception
            r9 = r3
            goto L58
        L77:
            r2 = move-exception
            r6 = r10
            goto L58
        L7a:
            r2 = move-exception
            r12 = r6
            r6 = r10
            goto L58
        L7e:
            r2 = move-exception
            goto L69
        L80:
            r2 = move-exception
            r6 = r10
            goto L69
        L83:
            r2 = move-exception
            r12 = r6
            r6 = r10
            goto L69
        L87:
            r2 = move-exception
            r3 = r9
            r8 = r12
            r14 = r4
            r4 = r6
            r6 = r14
            goto L51
        L8e:
            r2 = move-exception
            r3 = r9
            r6 = r4
            r4 = r10
            r8 = r12
            goto L51
        L94:
            r2 = move-exception
            r3 = r9
            r8 = r6
            r6 = r4
            r4 = r10
            goto L51
        L9a:
            r6 = r12
            goto L2a
        */
        throw new UnsupportedOperationException("Method not decompiled: defpackage.jqx.a(long, java.security.cert.X509Certificate[], java.security.PrivateKey, java.lang.String):void");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509KeyManager x509KeyManager) {
        return PlatformDependent.bxO() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return PlatformDependent.bxO() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    private static long ab(iwo iwoVar) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int bhy = iwoVar.bhy();
            if (SSL.writeToBIO(newMemBIO, jqd.aa(iwoVar) + iwoVar.bkm(), bhy) == bhy) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            iwoVar.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void gs(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    @Override // defpackage.jrg
    public final SSLEngine a(iwp iwpVar, String str, int i) {
        return b(iwpVar, str, i);
    }

    SSLEngine b(iwp iwpVar, String str, int i) {
        return new ReferenceCountedOpenSslEngine(this, iwpVar, str, i, true);
    }

    public abstract jqr bvA();

    public abstract jqo bvB();

    public jpb bvH() {
        return this.eSB;
    }

    @Override // defpackage.jrg
    public final boolean bvn() {
        return this.mode == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void destroy() {
        synchronized (jqx.class) {
            if (this.eSw != 0) {
                SSLContext.free(this.eSw);
                this.eSw = 0L;
            }
            if (this.eSx != 0) {
                Pool.destroy(this.eSx);
                this.eSx = 0L;
            }
        }
    }

    @Override // defpackage.jtp
    public final int refCnt() {
        return this.eSC.refCnt();
    }

    @Override // defpackage.jtp
    public final boolean release() {
        return this.eSC.release();
    }

    @Override // defpackage.jtp
    public final boolean release(int i) {
        return this.eSC.release(i);
    }

    @Override // defpackage.jtp, defpackage.jqt
    public final jtp retain() {
        this.eSC.retain();
        return this;
    }

    @Override // defpackage.jtp
    public final jtp retain(int i) {
        this.eSC.retain(i);
        return this;
    }

    @Override // defpackage.jtp
    public final jtp touch() {
        this.eSC.touch();
        return this;
    }

    @Override // defpackage.jtp
    public final jtp touch(Object obj) {
        this.eSC.touch(obj);
        return this;
    }
}
