package io.netty.handler.ssl;

import com.infraware.office.evengine.E;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.CharsetUtil;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: classes3.dex */
public abstract class OpenSslContext extends SslContext {
    private static final List<String> k;
    protected volatile long a;
    long b;
    private volatile boolean l;
    private final List<String> m;
    private final long n;
    private final long o;
    private final OpenSslEngineMap p;
    private final OpenSslApplicationProtocolNegotiator q;
    private final int r;
    private final Certificate[] s;
    private final ClientAuth t;
    private static final byte[] e = "-----BEGIN CERTIFICATE-----\n".getBytes(CharsetUtil.f);
    private static final byte[] f = "\n-----END CERTIFICATE-----\n".getBytes(CharsetUtil.f);
    private static final byte[] g = "-----BEGIN PRIVATE KEY-----\n".getBytes(CharsetUtil.f);
    private static final byte[] h = "\n-----END PRIVATE KEY-----\n".getBytes(CharsetUtil.f);
    private static final InternalLogger i = InternalLoggerFactory.a((Class<?>) OpenSslContext.class);
    private static final boolean j = SystemPropertyUtil.a("jdk.tls.rejectClientInitiatedRenegotiation", false);
    static final OpenSslApplicationProtocolNegotiator c = new OpenSslApplicationProtocolNegotiator() { // from class: io.netty.handler.ssl.OpenSslContext.1
        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiator
        public List<String> a() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.Protocol b() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }

        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.SelectorFailureBehavior c() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior d() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }
    };

    /* loaded from: classes3.dex */
    abstract class AbstractCertificateVerifier implements CertificateVerifier {
        /* JADX INFO: Access modifiers changed from: package-private */
        public AbstractCertificateVerifier() {
        }
    }

    /* loaded from: classes3.dex */
    final class DefaultOpenSslEngineMap implements OpenSslEngineMap {
        private final Map<Long, OpenSslEngine> b;

        private DefaultOpenSslEngineMap() {
            this.b = PlatformDependent.k();
        }

        @Override // io.netty.handler.ssl.OpenSslEngineMap
        public OpenSslEngine a(long j) {
            return this.b.remove(Long.valueOf(j));
        }

        @Override // io.netty.handler.ssl.OpenSslEngineMap
        public void a(OpenSslEngine openSslEngine) {
            this.b.put(Long.valueOf(openSslEngine.a()), openSslEngine);
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA");
        k = Collections.unmodifiableList(arrayList);
        if (i.c()) {
            i.b("Default cipher suite (OpenSSL): " + arrayList);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSslContext(Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, long j2, long j3, int i2, Certificate[] certificateArr, ClientAuth clientAuth) {
        this(iterable, cipherSuiteFilter, a(applicationProtocolConfig), j2, j3, i2, certificateArr, clientAuth);
    }

    OpenSslContext(Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, OpenSslApplicationProtocolNegotiator openSslApplicationProtocolNegotiator, long j2, long j3, int i2, Certificate[] certificateArr, ClientAuth clientAuth) {
        ArrayList arrayList;
        this.p = new DefaultOpenSslEngineMap();
        OpenSsl.a();
        if (i2 != 1 && i2 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.r = i2;
        this.t = e() ? (ClientAuth) ObjectUtil.a(clientAuth, "clientAuth") : ClientAuth.NONE;
        if (i2 == 1) {
            this.l = j;
        }
        this.s = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            ArrayList arrayList2 = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (true) {
                if (!it.hasNext()) {
                    arrayList = arrayList2;
                    break;
                }
                String next = it.next();
                if (next == null) {
                    arrayList = arrayList2;
                    break;
                }
                String a = CipherSuiteConverter.a(next);
                if (a != null) {
                    next = a;
                }
                arrayList2.add(next);
            }
        } else {
            arrayList = null;
        }
        this.m = Arrays.asList(((CipherSuiteFilter) ObjectUtil.a(cipherSuiteFilter, "cipherFilter")).a(arrayList, k, OpenSsl.b()));
        this.q = (OpenSslApplicationProtocolNegotiator) ObjectUtil.a(openSslApplicationProtocolNegotiator, "apn");
        this.b = Pool.create(0L);
        try {
            synchronized (OpenSslContext.class) {
                try {
                    this.a = SSLContext.make(this.b, 28, i2);
                    SSLContext.setOptions(this.a, E.EV_EDIT_OBJECT_TYPE.eEV_OBJECT_ONLY);
                    SSLContext.setOptions(this.a, 16777216);
                    SSLContext.setOptions(this.a, 33554432);
                    SSLContext.setOptions(this.a, 4194304);
                    SSLContext.setOptions(this.a, 524288);
                    SSLContext.setOptions(this.a, 1048576);
                    SSLContext.setOptions(this.a, 65536);
                    try {
                        try {
                            SSLContext.setCipherSuite(this.a, CipherSuiteConverter.a(this.m));
                            List<String> a2 = openSslApplicationProtocolNegotiator.a();
                            if (!a2.isEmpty()) {
                                String[] strArr = (String[]) a2.toArray(new String[a2.size()]);
                                int a3 = a(openSslApplicationProtocolNegotiator.c());
                                switch (openSslApplicationProtocolNegotiator.b()) {
                                    case NPN:
                                        SSLContext.setNpnProtos(this.a, strArr, a3);
                                        break;
                                    case ALPN:
                                        SSLContext.setAlpnProtos(this.a, strArr, a3);
                                        break;
                                    case NPN_AND_ALPN:
                                        SSLContext.setNpnProtos(this.a, strArr, a3);
                                        SSLContext.setAlpnProtos(this.a, strArr, a3);
                                        break;
                                    default:
                                        throw new Error();
                                }
                            }
                            if (j2 > 0) {
                                this.n = j2;
                                SSLContext.setSessionCacheSize(this.a, j2);
                            } else {
                                long sessionCacheSize = SSLContext.setSessionCacheSize(this.a, 20480L);
                                this.n = sessionCacheSize;
                                SSLContext.setSessionCacheSize(this.a, sessionCacheSize);
                            }
                            if (j3 > 0) {
                                this.o = j3;
                                SSLContext.setSessionCacheTimeout(this.a, j3);
                            } else {
                                long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.a, 300L);
                                this.o = sessionCacheTimeout;
                                SSLContext.setSessionCacheTimeout(this.a, sessionCacheTimeout);
                            }
                        } catch (SSLException e2) {
                            throw e2;
                        }
                    } catch (Exception e3) {
                        throw new SSLException("failed to set cipher suite: " + this.m, e3);
                    }
                } catch (Exception e4) {
                    throw new SSLException("failed to create an SSL_CTX", e4);
                }
            }
        } catch (Throwable th) {
            c();
            throw th;
        }
    }

    private static int a(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        switch (selectorFailureBehavior) {
            case NO_ADVERTISE:
                return 0;
            case CHOOSE_MY_LAST_PROTOCOL:
                return 1;
            default:
                throw new Error();
        }
    }

    static OpenSslApplicationProtocolNegotiator a(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return c;
        }
        switch (applicationProtocolConfig.b()) {
            case NPN:
            case ALPN:
            case NPN_AND_ALPN:
                switch (applicationProtocolConfig.d()) {
                    case CHOOSE_MY_LAST_PROTOCOL:
                    case ACCEPT:
                        switch (applicationProtocolConfig.c()) {
                            case NO_ADVERTISE:
                            case CHOOSE_MY_LAST_PROTOCOL:
                                return new OpenSslDefaultApplicationProtocolNegotiator(applicationProtocolConfig);
                            default:
                                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
                        }
                    default:
                        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.d() + " behavior");
                }
            case NONE:
                return c;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return PlatformDependent.d() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine a(ByteBufAllocator byteBufAllocator) {
        return a(byteBufAllocator, (String) null, -1);
    }

    public final SSLEngine a(ByteBufAllocator byteBufAllocator, String str, int i2) {
        return new OpenSslEngine(this.a, byteBufAllocator, a(), b(), this.q, this.p, this.l, str, i2, this.s, this.t);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final boolean a() {
        return this.r == 0;
    }

    public abstract OpenSslSessionContext b();

    /* JADX INFO: Access modifiers changed from: protected */
    public final void c() {
        synchronized (OpenSslContext.class) {
            if (this.a != 0) {
                SSLContext.free(this.a);
                this.a = 0L;
            }
            if (this.b != 0) {
                Pool.destroy(this.b);
                this.b = 0L;
            }
        }
    }

    protected final void finalize() {
        super.finalize();
        c();
    }
}
