package io.netty.handler.ssl;

import io.netty.handler.ssl.n0;
import io.netty.internal.tcnative.CertificateCallback;
import io.netty.internal.tcnative.SSLContext;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* compiled from: ReferenceCountedOpenSslClientContext.java */
/* loaded from: classes4.dex */
public final class m0 extends n0 {

    /* renamed from: T2, reason: collision with root package name */
    private static final io.netty.util.internal.logging.e f107991T2 = io.netty.util.internal.logging.f.b(m0.class);

    /* renamed from: U2, reason: collision with root package name */
    private static final Set<String> f107992U2 = Collections.unmodifiableSet(new LinkedHashSet(Arrays.asList("RSA", "DH_RSA", "EC", "EC_RSA", "EC_EC")));

    /* renamed from: V2, reason: collision with root package name */
    private static final boolean f107993V2 = io.netty.util.internal.L.d("jdk.tls.client.enableSessionTicketExtension", false);

    /* renamed from: S2, reason: collision with root package name */
    private final Y f107994S2;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslClientContext.java */
    @io.netty.util.internal.K(reason = "Usage guarded by java version check")
    /* loaded from: classes4.dex */
    public static final class a extends n0.d {

        /* renamed from: b, reason: collision with root package name */
        private final X509ExtendedTrustManager f107995b;

        a(M m6, X509ExtendedTrustManager x509ExtendedTrustManager) {
            super(m6);
            this.f107995b = C4162b0.a(x509ExtendedTrustManager);
        }

        @Override // io.netty.handler.ssl.n0.d
        void c(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, X509Certificate[] x509CertificateArr, String str) {
            this.f107995b.checkServerTrusted(x509CertificateArr, str, referenceCountedOpenSslEngine);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslClientContext.java */
    /* loaded from: classes4.dex */
    public static final class b implements CertificateCallback {

        /* renamed from: a, reason: collision with root package name */
        private final M f107996a;

        /* renamed from: b, reason: collision with root package name */
        private final P f107997b;

        b(M m6, P p6) {
            this.f107996a = m6;
            this.f107997b = p6;
        }

        private static String a(byte b6) {
            if (b6 == 1) {
                return "RSA";
            }
            if (b6 == 3) {
                return "DH_RSA";
            }
            switch (b6) {
                case 64:
                    return "EC";
                case 65:
                    return "EC_RSA";
                case 66:
                    return "EC_EC";
                default:
                    return null;
            }
        }

        private static Set<String> c(byte[] bArr) {
            if (bArr == null) {
                return m0.f107992U2;
            }
            HashSet hashSet = new HashSet(bArr.length);
            for (byte b6 : bArr) {
                String a6 = a(b6);
                if (a6 != null) {
                    hashSet.add(a6);
                }
            }
            return hashSet;
        }

        public void b(long j6, byte[] bArr, byte[][] bArr2) {
            X500Principal[] x500PrincipalArr;
            ReferenceCountedOpenSslEngine A02 = this.f107996a.A0(j6);
            if (A02 == null) {
                return;
            }
            try {
                Set<String> c6 = c(bArr);
                String[] strArr = (String[]) c6.toArray(new String[0]);
                if (bArr2 == null) {
                    x500PrincipalArr = null;
                } else {
                    X500Principal[] x500PrincipalArr2 = new X500Principal[bArr2.length];
                    for (int i6 = 0; i6 < bArr2.length; i6++) {
                        x500PrincipalArr2[i6] = new X500Principal(bArr2[i6]);
                    }
                    x500PrincipalArr = x500PrincipalArr2;
                }
                this.f107997b.d(A02, strArr, x500PrincipalArr);
            } catch (Throwable th) {
                m0.f107991T2.l("request of key failed", th);
                A02.T(th);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslClientContext.java */
    /* loaded from: classes4.dex */
    public static final class c extends Y {
        c(n0 n0Var, Q q6) {
            super(n0Var, q6);
        }

        @Override // io.netty.handler.ssl.Y
        public boolean b() {
            return false;
        }

        @Override // io.netty.handler.ssl.Y
        public void c(boolean z6) {
        }

        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionCacheSize() {
            return 0;
        }

        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionTimeout() {
            return 0;
        }

        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionCacheSize(int i6) {
            if (i6 < 0) {
                throw new IllegalArgumentException();
            }
        }

        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionTimeout(int i6) {
            if (i6 < 0) {
                throw new IllegalArgumentException();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslClientContext.java */
    /* loaded from: classes4.dex */
    public static final class d extends n0.d {

        /* renamed from: b, reason: collision with root package name */
        private final X509TrustManager f107998b;

        d(M m6, X509TrustManager x509TrustManager) {
            super(m6);
            this.f107998b = x509TrustManager;
        }

        @Override // io.netty.handler.ssl.n0.d
        void c(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, X509Certificate[] x509CertificateArr, String str) {
            this.f107998b.checkServerTrusted(x509CertificateArr, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public m0(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, InterfaceC4168h interfaceC4168h, ApplicationProtocolConfig applicationProtocolConfig, String[] strArr, long j6, long j7, boolean z6, String str2) {
        super(iterable, interfaceC4168h, applicationProtocolConfig, j6, j7, 0, (Certificate[]) x509CertificateArr2, ClientAuth.NONE, strArr, false, z6, true);
        try {
            Y L12 = L1(this, this.f108009B, this.f108013M1, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, str2);
            this.f107994S2 = L12;
            if (f107993V2) {
                L12.e(new C4160a0[0]);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Y L1(n0 n0Var, long j6, M m6, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, String str2) {
        Q n12;
        if ((privateKey == null && x509CertificateArr2 != null) || (privateKey != null && x509CertificateArr2 == null)) {
            throw new IllegalArgumentException("Either both keyCertChain and key needs to be null or none of them");
        }
        Q q6 = null;
        try {
            try {
                if (E.u()) {
                    if (keyManagerFactory != null || x509CertificateArr2 == null) {
                        n12 = keyManagerFactory != null ? n0.n1(keyManagerFactory, str) : null;
                    } else {
                        char[] E5 = v0.E(str);
                        KeyStore p6 = v0.p(x509CertificateArr2, privateKey, E5, str2);
                        KeyManagerFactory d0Var = p6.aliases().hasMoreElements() ? new d0() : new H(KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()));
                        d0Var.init(p6, E5);
                        n12 = n0.n1(d0Var, str);
                    }
                    if (n12 != null) {
                        try {
                            try {
                                SSLContext.setCertificateCallback(j6, new b(m6, new P(n12)));
                            } catch (Throwable th) {
                                th = th;
                                q6 = n12;
                                if (q6 != null) {
                                    q6.b();
                                }
                                throw th;
                            }
                        } catch (Exception e6) {
                            e = e6;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                } else {
                    if (keyManagerFactory != null) {
                        throw new IllegalArgumentException("KeyManagerFactory not supported");
                    }
                    if (x509CertificateArr2 != null) {
                        n0.s1(j6, x509CertificateArr2, privateKey, str);
                    }
                    n12 = null;
                }
                SSLContext.setVerify(j6, 1, 10);
                try {
                    if (x509CertificateArr != null) {
                        trustManagerFactory = v0.u(x509CertificateArr, trustManagerFactory, str2);
                    } else if (trustManagerFactory == null) {
                        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init((KeyStore) null);
                    }
                    M1(j6, m6, n0.X0(trustManagerFactory.getTrustManagers()));
                    return new c(n0Var, n12);
                } catch (Exception e7) {
                    if (n12 != null) {
                        n12.b();
                    }
                    throw new SSLException("unable to setup trustmanager", e7);
                }
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (Exception e8) {
            e = e8;
        }
    }

    @io.netty.util.internal.K(reason = "Guarded by java version check")
    private static void M1(long j6, M m6, X509TrustManager x509TrustManager) {
        if (n0.G1(x509TrustManager)) {
            SSLContext.setCertVerifyCallback(j6, new a(m6, (X509ExtendedTrustManager) x509TrustManager));
        } else {
            SSLContext.setCertVerifyCallback(j6, new d(m6, x509TrustManager));
        }
    }

    @Override // io.netty.handler.ssl.n0, io.netty.handler.ssl.v0
    /* renamed from: o1 */
    public Y F0() {
        return this.f107994S2;
    }
}
