package io.netty.handler.ssl;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.internal.PlatformDependent;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
public abstract class a0 extends c0 implements com.microsoft.clarity.r00.n {
    private static final ResourceLeakDetector A;
    static final l B;
    private static final com.microsoft.clarity.u00.a v;
    private static final boolean w;
    private static final int x;
    private static final List y;
    private static final Integer z;
    protected volatile long c;
    private final List d;
    private final long e;
    private final long f;
    private final l g;
    private final int j;
    private final com.microsoft.clarity.r00.p k;
    private final com.microsoft.clarity.r00.b m;
    final Certificate[] n;
    final ClientAuth o;
    final String[] p;
    final boolean q;
    final p s;
    private volatile boolean t;
    private volatile int u;

    /* loaded from: classes5.dex */
    static class a implements PrivilegedAction {
        a() {
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Boolean run() {
            return Boolean.valueOf(com.microsoft.clarity.t00.l.d("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    }

    /* loaded from: classes5.dex */
    static class b implements PrivilegedAction {
        b() {
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Integer run() {
            return Integer.valueOf(Math.max(1, com.microsoft.clarity.t00.l.e("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048)));
        }
    }

    /* loaded from: classes5.dex */
    class c extends com.microsoft.clarity.r00.b {
        c() {
        }

        @Override // com.microsoft.clarity.r00.b
        protected void deallocate() {
            a0.this.u();
            if (a0.this.k != null) {
                a0.this.k.c(a0.this);
            }
        }

        @Override // com.microsoft.clarity.r00.n
        public com.microsoft.clarity.r00.n touch(Object obj) {
            if (a0.this.k != null) {
                a0.this.k.a(obj);
            }
            return a0.this;
        }
    }

    /* loaded from: classes5.dex */
    static class d implements l {
        d() {
        }

        @Override // io.netty.handler.ssl.l
        public ApplicationProtocolConfig.SelectorFailureBehavior a() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.l
        public ApplicationProtocolConfig.Protocol b() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }

        @Override // com.microsoft.clarity.p00.a
        public List c() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.l
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior d() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }
    }

    /* loaded from: classes5.dex */
    static class e implements PrivilegedAction {
        e() {
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public String run() {
            return com.microsoft.clarity.t00.l.b("jdk.tls.ephemeralDHKeySize");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class f {
        static final /* synthetic */ int[] a;
        static final /* synthetic */ int[] b;
        static final /* synthetic */ int[] c;

        static {
            int[] iArr = new int[ApplicationProtocolConfig.SelectedListenerFailureBehavior.values().length];
            c = iArr;
            try {
                iArr[ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                c[ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[ApplicationProtocolConfig.SelectorFailureBehavior.values().length];
            b = iArr2;
            try {
                iArr2[ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                b[ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            int[] iArr3 = new int[ApplicationProtocolConfig.Protocol.values().length];
            a = iArr3;
            try {
                iArr3[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                a[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public static abstract class g extends CertificateVerifier {
        private final p a;

        /* JADX INFO: Access modifiers changed from: package-private */
        public g(p pVar) {
            this.a = pVar;
        }
    }

    /* loaded from: classes5.dex */
    private static final class h implements p {
        private final Map a;

        private h() {
            this.a = PlatformDependent.Z();
        }

        /* synthetic */ h(a aVar) {
            this();
        }

        @Override // io.netty.handler.ssl.p
        public ReferenceCountedOpenSslEngine a(long j) {
            return (ReferenceCountedOpenSslEngine) this.a.remove(Long.valueOf(j));
        }

        @Override // io.netty.handler.ssl.p
        public void b(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            this.a.put(Long.valueOf(referenceCountedOpenSslEngine.O()), referenceCountedOpenSslEngine);
        }
    }

    static {
        com.microsoft.clarity.u00.a b2 = io.netty.util.internal.logging.b.b(a0.class);
        v = b2;
        w = ((Boolean) AccessController.doPrivileged(new a())).booleanValue();
        x = ((Integer) AccessController.doPrivileged(new b())).intValue();
        A = com.microsoft.clarity.r00.o.b().c(a0.class);
        B = new d();
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        y = Collections.unmodifiableList(arrayList);
        if (b2.isDebugEnabled()) {
            b2.debug("Default cipher suite (OpenSSL): " + arrayList);
        }
        Integer num = null;
        try {
            String str = (String) AccessController.doPrivileged(new e());
            if (str != null) {
                try {
                    num = Integer.valueOf(str);
                } catch (NumberFormatException unused) {
                    v.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
                }
            }
        } catch (Throwable unused2) {
        }
        z = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public a0(Iterable iterable, com.microsoft.clarity.p00.b bVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z2, boolean z3, boolean z4) {
        this(iterable, bVar, H(applicationProtocolConfig), j, j2, i, certificateArr, clientAuth, strArr, z2, z3, z4);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public a0(Iterable iterable, com.microsoft.clarity.p00.b bVar, l lVar, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, String[] strArr, boolean z2, boolean z3, boolean z4) {
        super(z2);
        String str;
        this.m = new c();
        ArrayList arrayList = null;
        this.s = new h(0 == true ? 1 : 0);
        this.u = x;
        k.d();
        if (z3 && !k.h()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.k = z4 ? A.j(this) : null;
        this.j = i;
        this.o = k() ? (ClientAuth) com.microsoft.clarity.t00.h.a(clientAuth, "clientAuth") : ClientAuth.NONE;
        this.p = strArr;
        this.q = z3;
        if (i == 1) {
            this.t = w;
        }
        this.n = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            arrayList = new ArrayList();
            Iterator it = iterable.iterator();
            while (it.hasNext() && (str = (String) it.next()) != null) {
                String i2 = io.netty.handler.ssl.a.i(str);
                if (i2 != null) {
                    str = i2;
                }
                arrayList.add(str);
            }
        }
        List asList = Arrays.asList(((com.microsoft.clarity.p00.b) com.microsoft.clarity.t00.h.a(bVar, "cipherFilter")).a(arrayList, y, k.a()));
        this.d = asList;
        this.g = (l) com.microsoft.clarity.t00.h.a(lVar, "apn");
        try {
            synchronized (a0.class) {
                try {
                    try {
                        this.c = SSLContext.make(31, i);
                        SSLContext.setOptions(this.c, SSLContext.getOptions(this.c) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET);
                        SSLContext.setMode(this.c, SSLContext.getMode(this.c) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                        Integer num = z;
                        if (num != null) {
                            SSLContext.setTmpDHLength(this.c, num.intValue());
                        }
                        try {
                            SSLContext.setCipherSuite(this.c, io.netty.handler.ssl.a.h(asList));
                            List c2 = lVar.c();
                            if (!c2.isEmpty()) {
                                String[] strArr2 = (String[]) c2.toArray(new String[c2.size()]);
                                int B2 = B(lVar.a());
                                int i3 = f.a[lVar.b().ordinal()];
                                if (i3 == 1) {
                                    SSLContext.setNpnProtos(this.c, strArr2, B2);
                                } else if (i3 == 2) {
                                    SSLContext.setAlpnProtos(this.c, strArr2, B2);
                                } else {
                                    if (i3 != 3) {
                                        throw new Error();
                                    }
                                    SSLContext.setNpnProtos(this.c, strArr2, B2);
                                    SSLContext.setAlpnProtos(this.c, strArr2, B2);
                                }
                            }
                            if (j > 0) {
                                this.e = j;
                                SSLContext.setSessionCacheSize(this.c, j);
                            } else {
                                long sessionCacheSize = SSLContext.setSessionCacheSize(this.c, 20480L);
                                this.e = sessionCacheSize;
                                SSLContext.setSessionCacheSize(this.c, sessionCacheSize);
                            }
                            if (j2 > 0) {
                                this.f = j2;
                                SSLContext.setSessionCacheTimeout(this.c, j2);
                            } else {
                                long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.c, 300L);
                                this.f = sessionCacheTimeout;
                                SSLContext.setSessionCacheTimeout(this.c, sessionCacheTimeout);
                            }
                            if (z3) {
                                SSLContext.enableOcsp(this.c, j());
                            }
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            throw new SSLException("failed to set cipher suite: " + this.d, e3);
                        }
                    } catch (Exception e4) {
                        throw new SSLException("failed to create an SSL_CTX", e4);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    private static int B(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        int i = f.b[selectorFailureBehavior.ordinal()];
        if (i == 1) {
            return 0;
        }
        if (i == 2) {
            return 1;
        }
        throw new Error();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void D(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) {
        long j2;
        long j3;
        long j4 = 0;
        x xVar = null;
        try {
            try {
                io.netty.buffer.j jVar = io.netty.buffer.j.a;
                xVar = PemX509Certificate.toPEM(jVar, true, x509CertificateArr);
                long E = E(jVar, xVar.z0());
                try {
                    long E2 = E(jVar, xVar.z0());
                    if (privateKey != null) {
                        try {
                            j4 = F(privateKey);
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            e = e3;
                            throw new SSLException("failed to set certificate and key", e);
                        } catch (Throwable th) {
                            th = th;
                            j3 = E;
                            j2 = E2;
                            v(j4);
                            v(j3);
                            v(j2);
                            if (xVar != null) {
                                xVar.release();
                            }
                            throw th;
                        }
                    }
                    try {
                        SSLContext.setCertificateBio(j, E, j4, str == null ? "" : str);
                        SSLContext.setCertificateChainBio(j, E2, true);
                        v(j4);
                        v(E);
                        v(E2);
                        xVar.release();
                    } catch (SSLException e4) {
                    } catch (Exception e5) {
                        e = e5;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (SSLException e6) {
                } catch (Exception e7) {
                    e = e7;
                } catch (Throwable th2) {
                    th = th2;
                    j3 = E;
                    j2 = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (SSLException e8) {
            throw e8;
        } catch (Exception e9) {
            e = e9;
        } catch (Throwable th4) {
            th = th4;
            j2 = 0;
            j3 = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long E(io.netty.buffer.j jVar, x xVar) {
        try {
            com.microsoft.clarity.h00.a content = xVar.content();
            if (content.U()) {
                return z(content.C0());
            }
            com.microsoft.clarity.h00.a d2 = jVar.d(content.t0());
            try {
                d2.b1(content, content.v0(), content.t0());
                long z2 = z(d2.C0());
                try {
                    if (xVar.isSensitive()) {
                        f0.h(d2);
                    }
                    return z2;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (xVar.isSensitive()) {
                        f0.h(d2);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            xVar.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long F(PrivateKey privateKey) {
        if (privateKey == null) {
            return 0L;
        }
        io.netty.buffer.j jVar = io.netty.buffer.j.a;
        x pem = PemPrivateKey.toPEM(jVar, true, privateKey);
        try {
            return E(jVar, pem.z0());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long G(X509Certificate... x509CertificateArr) {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        io.netty.buffer.j jVar = io.netty.buffer.j.a;
        x pem = PemX509Certificate.toPEM(jVar, true, x509CertificateArr);
        try {
            return E(jVar, pem.z0());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static l H(ApplicationProtocolConfig applicationProtocolConfig) {
        return B;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean I(X509KeyManager x509KeyManager) {
        return PlatformDependent.S() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean J(X509TrustManager x509TrustManager) {
        return PlatformDependent.S() >= 7 && com.microsoft.clarity.p00.r.a(x509TrustManager);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager s(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager t(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void v(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    private static long z(com.microsoft.clarity.h00.a aVar) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int t0 = aVar.t0();
            if (SSL.bioWrite(newMemBIO, k.j(aVar) + aVar.v0(), t0) == t0) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            aVar.release();
        }
    }

    SSLEngine A(io.netty.buffer.j jVar, String str, int i) {
        return new ReferenceCountedOpenSslEngine(this, jVar, str, i, true);
    }

    public abstract v C();

    @Override // io.netty.handler.ssl.c0
    public final boolean j() {
        return this.j == 0;
    }

    @Override // io.netty.handler.ssl.c0
    public final SSLEngine m(io.netty.buffer.j jVar, String str, int i) {
        return A(jVar, str, i);
    }

    public com.microsoft.clarity.p00.a r() {
        return this.g;
    }

    @Override // com.microsoft.clarity.r00.n
    public final int refCnt() {
        return this.m.refCnt();
    }

    @Override // com.microsoft.clarity.r00.n
    public final boolean release() {
        return this.m.release();
    }

    @Override // com.microsoft.clarity.r00.n
    public final boolean release(int i) {
        return this.m.release(i);
    }

    @Override // com.microsoft.clarity.r00.n
    /* renamed from: retain */
    public final com.microsoft.clarity.r00.n z0() {
        this.m.z0();
        return this;
    }

    @Override // com.microsoft.clarity.r00.n
    public final com.microsoft.clarity.r00.n retain(int i) {
        this.m.retain(i);
        return this;
    }

    @Override // com.microsoft.clarity.r00.n
    public final com.microsoft.clarity.r00.n touch() {
        this.m.touch();
        return this;
    }

    @Override // com.microsoft.clarity.r00.n
    public final com.microsoft.clarity.r00.n touch(Object obj) {
        this.m.touch(obj);
        return this;
    }

    final void u() {
        synchronized (a0.class) {
            if (this.c != 0) {
                if (this.q) {
                    SSLContext.disableOcsp(this.c);
                }
                SSLContext.free(this.c);
                this.c = 0L;
            }
        }
    }

    public int w() {
        return this.u;
    }

    public boolean x() {
        return this.t;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract s y();
}
