package Y5;

import P5.AbstractC0139c;
import P5.AbstractC0161n;
import P5.InterfaceC0163o;
import b6.AbstractC0612S;
import b6.AbstractC0618c;
import b6.C0610P;
import b6.InterfaceC0604J;
import b6.InterfaceC0614U;
import d6.AbstractC0752B;
import d6.AbstractC0766k;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public abstract class F0 extends AbstractC0428b1 implements InterfaceC0604J {
    private static final Integer DH_KEY_LENGTH;
    private final G apn;
    private volatile int bioNonApplicationBufferSize;
    final EnumC0450j clientAuth;
    protected long ctx;
    final ReadWriteLock ctxLock;
    final boolean enableOcsp;
    final S engineMap;
    final Certificate[] keyCertChain;
    private final InterfaceC0614U leak;
    private final int mode;
    final String[] protocols;
    private final AbstractC0618c refCnt;
    final boolean tlsFalseStart;
    private final List<String> unmodifiableCiphers;
    private static final e6.c logger = e6.d.getInstance((Class<?>) F0.class);
    private static final int DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE = Math.max(1, d6.p0.getInt("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));
    static final boolean USE_TASKS = d6.p0.getBoolean("io.netty.handler.ssl.openssl.useTasks", true);
    private static final C0610P leakDetector = AbstractC0612S.instance().newResourceLeakDetector(F0.class);
    static final boolean CLIENT_ENABLE_SESSION_TICKET = d6.p0.getBoolean("jdk.tls.client.enableSessionTicketExtension", false);
    static final boolean CLIENT_ENABLE_SESSION_TICKET_TLSV13 = d6.p0.getBoolean("jdk.tls.client.enableSessionTicketExtension", true);
    static final boolean SERVER_ENABLE_SESSION_TICKET = d6.p0.getBoolean("jdk.tls.server.enableSessionTicketExtension", false);
    static final boolean SERVER_ENABLE_SESSION_TICKET_TLSV13 = d6.p0.getBoolean("jdk.tls.server.enableSessionTicketExtension", true);
    static final boolean SERVER_ENABLE_SESSION_CACHE = d6.p0.getBoolean("io.netty.handler.ssl.openssl.sessionCacheServer", true);
    static final boolean CLIENT_ENABLE_SESSION_CACHE = d6.p0.getBoolean("io.netty.handler.ssl.openssl.sessionCacheClient", true);
    static final G NONE_PROTOCOL_NEGOTIATOR = new B0();

    static {
        Integer num = null;
        try {
            String str = d6.p0.get("jdk.tls.ephemeralDHKeySize");
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    logger.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: ".concat(str));
                }
            }
        } catch (Throwable unused2) {
        }
        DH_KEY_LENGTH = num;
    }

    public F0(Iterable<String> iterable, InterfaceC0447i interfaceC0447i, G g8, int i, Certificate[] certificateArr, EnumC0450j enumC0450j, String[] strArr, boolean z, boolean z8, boolean z9, Map.Entry<C0437e1, Object>... entryArr) {
        super(z);
        boolean z10;
        Integer num;
        this.refCnt = new A0(this);
        this.engineMap = new E0(null);
        this.ctxLock = new ReentrantReadWriteLock();
        this.bioNonApplicationBufferSize = DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE;
        F.ensureAvailability();
        if (z8 && !F.isOcspSupported()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        boolean z11 = USE_TASKS;
        if (entryArr != null) {
            num = null;
            z10 = false;
            for (Map.Entry<C0437e1, Object> entry : entryArr) {
                C0437e1 key = entry.getKey();
                if (key == P.TLS_FALSE_START) {
                    z10 = ((Boolean) entry.getValue()).booleanValue();
                } else if (key == P.USE_TASKS) {
                    z11 = ((Boolean) entry.getValue()).booleanValue();
                } else if (key == P.PRIVATE_KEY_METHOD) {
                    Q0.d0.z(entry.getValue());
                } else if (key == P.ASYNC_PRIVATE_KEY_METHOD) {
                    Q0.d0.z(entry.getValue());
                } else if (key == P.CERTIFICATE_COMPRESSION_ALGORITHMS) {
                    Q0.d0.z(entry.getValue());
                } else if (key == P.MAX_CERTIFICATE_LIST_BYTES) {
                    num = (Integer) entry.getValue();
                } else {
                    logger.debug("Skipping unsupported " + C0437e1.class.getSimpleName() + ": " + entry.getKey());
                }
            }
        } else {
            z10 = false;
            num = null;
        }
        this.tlsFalseStart = z10;
        this.leak = z9 ? leakDetector.track(this) : null;
        this.mode = i;
        this.clientAuth = isServer() ? (EnumC0450j) AbstractC0752B.checkNotNull(enumC0450j, "clientAuth") : EnumC0450j.NONE;
        this.protocols = strArr == null ? F.defaultProtocols(i == 0) : strArr;
        this.enableOcsp = z8;
        this.keyCertChain = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        String[] filterCipherSuites = ((InterfaceC0447i) AbstractC0752B.checkNotNull(interfaceC0447i, "cipherFilter")).filterCipherSuites(iterable, F.DEFAULT_CIPHERS, F.availableJavaCipherSuites());
        LinkedHashSet linkedHashSet = new LinkedHashSet(filterCipherSuites.length);
        Collections.addAll(linkedHashSet, filterCipherSuites);
        ArrayList arrayList = new ArrayList(linkedHashSet);
        this.unmodifiableCiphers = arrayList;
        this.apn = (G) AbstractC0752B.checkNotNull(g8, "apn");
        try {
            boolean isTlsv13Supported = F.isTlsv13Supported();
            try {
                this.ctx = SSLContext.make(isTlsv13Supported ? 62 : 30, i);
                StringBuilder sb = new StringBuilder();
                StringBuilder sb2 = new StringBuilder();
                try {
                    if (arrayList.isEmpty()) {
                        SSLContext.setCipherSuite(this.ctx, "", false);
                        if (isTlsv13Supported) {
                            SSLContext.setCipherSuite(this.ctx, "", true);
                        }
                    } else {
                        AbstractC0444h.convertToCipherStrings(arrayList, sb, sb2, F.isBoringSSL());
                        SSLContext.setCipherSuite(this.ctx, sb.toString(), false);
                        if (isTlsv13Supported) {
                            SSLContext.setCipherSuite(this.ctx, F.checkTls13Ciphers(logger, sb2.toString()), true);
                        }
                    }
                    int options = SSLContext.getOptions(this.ctx) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 | SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET;
                    options = sb.length() == 0 ? options | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 | SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2 : options;
                    SSLContext.setOptions(this.ctx, isTlsv13Supported ? options : options | SSL.SSL_OP_NO_TLSv1_3);
                    long j4 = this.ctx;
                    SSLContext.setMode(j4, SSLContext.getMode(j4) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                    Integer num2 = DH_KEY_LENGTH;
                    if (num2 != null) {
                        SSLContext.setTmpDHLength(this.ctx, num2.intValue());
                    }
                    B0 b02 = (B0) g8;
                    List<String> protocols = b02.protocols();
                    if (!protocols.isEmpty()) {
                        String[] strArr2 = (String[]) protocols.toArray(AbstractC0766k.EMPTY_STRINGS);
                        int opensslSelectorFailureBehavior = opensslSelectorFailureBehavior(b02.selectorFailureBehavior());
                        int i7 = C0.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[b02.protocol().ordinal()];
                        if (i7 == 1) {
                            SSLContext.setNpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                        } else if (i7 == 2) {
                            SSLContext.setAlpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                        } else {
                            if (i7 != 3) {
                                throw new Error();
                            }
                            SSLContext.setNpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                            SSLContext.setAlpnProtos(this.ctx, strArr2, opensslSelectorFailureBehavior);
                        }
                    }
                    if (z8) {
                        SSLContext.enableOcsp(this.ctx, isClient());
                    }
                    SSLContext.setUseTasks(this.ctx, z11);
                    if (num != null) {
                        SSLContext.setMaxCertList(this.ctx, num.intValue());
                    }
                    SSLContext.setCurvesList(this.ctx, F.NAMED_GROUPS);
                } catch (SSLException e5) {
                    throw e5;
                } catch (Exception e8) {
                    throw new SSLException("failed to set cipher suite: " + this.unmodifiableCiphers, e8);
                }
            } catch (Exception e9) {
                throw new SSLException("failed to create an SSL_CTX", e9);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    public static X509TrustManager chooseTrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                if (d6.Y.javaVersion() < 7) {
                    return x509TrustManager;
                }
                X509TrustManager wrapIfNeeded = AbstractC0466q0.wrapIfNeeded(x509TrustManager);
                return useExtendedTrustManager(wrapIfNeeded) ? new C0457m(wrapIfNeeded) : wrapIfNeeded;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    public static X509KeyManager chooseX509KeyManager(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void destroy() {
        Lock writeLock = this.ctxLock.writeLock();
        writeLock.lock();
        try {
            long j4 = this.ctx;
            if (j4 != 0) {
                if (this.enableOcsp) {
                    SSLContext.disableOcsp(j4);
                }
                SSLContext.free(this.ctx);
                this.ctx = 0L;
                AbstractC0433d0 sessionContext = sessionContext();
                if (sessionContext != null) {
                    sessionContext.destroy();
                }
            }
            writeLock.unlock();
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    public static void freeBio(long j4) {
        if (j4 != 0) {
            SSL.freeBIO(j4);
        }
    }

    private static long newBIO(AbstractC0161n abstractC0161n) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int readableBytes = abstractC0161n.readableBytes();
            if (SSL.bioWrite(newMemBIO, F.memoryAddress(abstractC0161n) + abstractC0161n.readerIndex(), readableBytes) == readableBytes) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            abstractC0161n.release();
        }
    }

    private static int opensslSelectorFailureBehavior(EnumC0429c enumC0429c) {
        int i = C0.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$SelectorFailureBehavior[enumC0429c.ordinal()];
        if (i == 1) {
            return 0;
        }
        if (i == 2) {
            return 1;
        }
        throw new Error();
    }

    public static V providerFor(KeyManagerFactory keyManagerFactory, String str) {
        return keyManagerFactory instanceof C0454k0 ? ((C0454k0) keyManagerFactory).newProvider() : keyManagerFactory instanceof J ? ((J) keyManagerFactory).newProvider(str) : new V(chooseX509KeyManager(keyManagerFactory.getKeyManagers()), str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:31:0x00a0  */
    /* JADX WARN: Type inference failed for: r3v2 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void setKeyMaterial(long r16, java.security.cert.X509Certificate[] r18, java.security.PrivateKey r19, java.lang.String r20) {
        /*
            r0 = r19
            r1 = 0
            r3 = 0
            P5.o r4 = P5.InterfaceC0163o.DEFAULT     // Catch: java.lang.Throwable -> L86 java.lang.Exception -> L88 javax.net.ssl.SSLException -> L8a
            r5 = 1
            r6 = r18
            Y5.r0 r3 = Y5.AbstractC0473u0.toPEM(r4, r5, r6)     // Catch: java.lang.Throwable -> L86 java.lang.Exception -> L88 javax.net.ssl.SSLException -> L8a
            Y5.r0 r6 = r3.retain()     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L7a javax.net.ssl.SSLException -> L80
            long r14 = toBIO(r4, r6)     // Catch: java.lang.Throwable -> L74 java.lang.Exception -> L7a javax.net.ssl.SSLException -> L80
            Y5.r0 r6 = r3.retain()     // Catch: java.lang.Throwable -> L65 java.lang.Exception -> L6a javax.net.ssl.SSLException -> L6f
            long r11 = toBIO(r4, r6)     // Catch: java.lang.Throwable -> L65 java.lang.Exception -> L6a javax.net.ssl.SSLException -> L6f
            if (r0 == 0) goto L2e
            long r1 = toBIO(r4, r0)     // Catch: java.lang.Throwable -> L25 java.lang.Exception -> L28 javax.net.ssl.SSLException -> L2b
            goto L2e
        L25:
            r0 = move-exception
            goto L95
        L28:
            r0 = move-exception
            goto L8c
        L2b:
            r0 = move-exception
            goto L94
        L2e:
            if (r20 != 0) goto L34
            java.lang.String r0 = ""
            r13 = r0
            goto L36
        L34:
            r13 = r20
        L36:
            r7 = r16
            r9 = r14
            r18 = r3
            r3 = r11
            r11 = r1
            io.netty.internal.tcnative.SSLContext.setCertificateBio(r7, r9, r11, r13)     // Catch: java.lang.Throwable -> L56 java.lang.Exception -> L5b javax.net.ssl.SSLException -> L60
            r6 = r16
            io.netty.internal.tcnative.SSLContext.setCertificateChainBio(r6, r3, r5)     // Catch: java.lang.Throwable -> L56 java.lang.Exception -> L5b javax.net.ssl.SSLException -> L60
            freeBio(r1)
            freeBio(r14)
            freeBio(r3)
            r3 = r18
            b6.c r3 = (b6.AbstractC0618c) r3
            r3.release()
            return
        L56:
            r0 = move-exception
            r11 = r3
            r3 = r18
            goto L95
        L5b:
            r0 = move-exception
            r11 = r3
            r3 = r18
            goto L8c
        L60:
            r0 = move-exception
            r11 = r3
            r3 = r18
            goto L94
        L65:
            r0 = move-exception
            r18 = r3
            r11 = r1
            goto L95
        L6a:
            r0 = move-exception
            r18 = r3
            r11 = r1
            goto L8c
        L6f:
            r0 = move-exception
            r18 = r3
            r11 = r1
            goto L94
        L74:
            r0 = move-exception
            r18 = r3
        L77:
            r11 = r1
            r14 = r11
            goto L95
        L7a:
            r0 = move-exception
            r18 = r3
        L7d:
            r11 = r1
            r14 = r11
            goto L8c
        L80:
            r0 = move-exception
            r18 = r3
        L83:
            r11 = r1
            r14 = r11
            goto L94
        L86:
            r0 = move-exception
            goto L77
        L88:
            r0 = move-exception
            goto L7d
        L8a:
            r0 = move-exception
            goto L83
        L8c:
            javax.net.ssl.SSLException r4 = new javax.net.ssl.SSLException     // Catch: java.lang.Throwable -> L25
            java.lang.String r5 = "failed to set certificate and key"
            r4.<init>(r5, r0)     // Catch: java.lang.Throwable -> L25
            throw r4     // Catch: java.lang.Throwable -> L25
        L94:
            throw r0     // Catch: java.lang.Throwable -> L25
        L95:
            freeBio(r1)
            freeBio(r14)
            freeBio(r11)
            if (r3 == 0) goto La5
            b6.c r3 = (b6.AbstractC0618c) r3
            r3.release()
        La5:
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: Y5.F0.setKeyMaterial(long, java.security.cert.X509Certificate[], java.security.PrivateKey, java.lang.String):void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static long toBIO(InterfaceC0163o interfaceC0163o, InterfaceC0467r0 interfaceC0467r0) {
        long newBIO;
        try {
            AbstractC0161n content = interfaceC0467r0.content();
            if (content.isDirect()) {
                newBIO = newBIO(content.retainedSlice());
            } else {
                AbstractC0161n directBuffer = ((AbstractC0139c) interfaceC0163o).directBuffer(content.readableBytes());
                try {
                    directBuffer.writeBytes(content, content.readerIndex(), content.readableBytes());
                    newBIO = newBIO(directBuffer.retainedSlice());
                    try {
                        if (interfaceC0467r0.isSensitive()) {
                            H1.zeroout(directBuffer);
                        }
                        directBuffer.release();
                    } finally {
                    }
                } catch (Throwable th) {
                    try {
                        if (interfaceC0467r0.isSensitive()) {
                            H1.zeroout(directBuffer);
                        }
                        throw th;
                    } finally {
                    }
                }
            }
            return newBIO;
        } finally {
            ((AbstractC0618c) interfaceC0467r0).release();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static long toBIO(InterfaceC0163o interfaceC0163o, PrivateKey privateKey) {
        if (privateKey == null) {
            return 0L;
        }
        InterfaceC0467r0 pem = C0469s0.toPEM(interfaceC0163o, true, privateKey);
        try {
            return toBIO(interfaceC0163o, pem.retain());
        } finally {
            ((AbstractC0618c) pem).release();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static long toBIO(InterfaceC0163o interfaceC0163o, X509Certificate... x509CertificateArr) {
        if (x509CertificateArr == null) {
            return 0L;
        }
        AbstractC0752B.checkNonEmpty(x509CertificateArr, "certChain");
        InterfaceC0467r0 pem = AbstractC0473u0.toPEM(interfaceC0163o, true, x509CertificateArr);
        try {
            return toBIO(interfaceC0163o, pem.retain());
        } finally {
            ((AbstractC0618c) pem).release();
        }
    }

    public static G toNegotiator(AbstractC0432d abstractC0432d) {
        return NONE_PROTOCOL_NEGOTIATOR;
    }

    public static boolean useExtendedTrustManager(X509TrustManager x509TrustManager) {
        return d6.Y.javaVersion() >= 7 && AbstractC0468s.z(x509TrustManager);
    }

    public InterfaceC0435e applicationProtocolNegotiator() {
        return this.apn;
    }

    public int getBioNonApplicationBufferSize() {
        return this.bioNonApplicationBufferSize;
    }

    @Override // Y5.AbstractC0428b1
    public final boolean isClient() {
        return this.mode == 0;
    }

    @Override // Y5.AbstractC0428b1
    public final SSLEngine newEngine(InterfaceC0163o interfaceC0163o, String str, int i) {
        return newEngine0(interfaceC0163o, str, i, true);
    }

    public SSLEngine newEngine0(InterfaceC0163o interfaceC0163o, String str, int i, boolean z) {
        return new Q0(this, interfaceC0163o, str, i, z, true);
    }

    @Override // Y5.AbstractC0428b1
    public final C1 newHandler(InterfaceC0163o interfaceC0163o, String str, int i, boolean z) {
        return new C1(newEngine0(interfaceC0163o, str, i, false), z);
    }

    @Override // b6.InterfaceC0604J
    public final int refCnt() {
        return this.refCnt.refCnt();
    }

    @Override // b6.InterfaceC0604J
    public final boolean release() {
        return this.refCnt.release();
    }

    public final InterfaceC0604J retain() {
        this.refCnt.retain();
        return this;
    }

    @Override // Y5.AbstractC0428b1
    public abstract AbstractC0433d0 sessionContext();

    @Override // b6.InterfaceC0604J
    public final InterfaceC0604J touch(Object obj) {
        this.refCnt.touch(obj);
        return this;
    }
}
