package io.netty.handler.ssl;

import io.netty.handler.ssl.ReferenceCountedOpenSslContext;
import io.netty.internal.tcnative.CertificateCallback;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.util.internal.SuppressJava6Requirement;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class ReferenceCountedOpenSslClientContext extends ReferenceCountedOpenSslContext {
    private final OpenSslSessionContext z;

    /* JADX INFO: Access modifiers changed from: private */
    @SuppressJava6Requirement
    /* loaded from: classes.dex */
    public static final class ExtendedTrustManagerVerifyCallback extends ReferenceCountedOpenSslContext.AbstractCertificateVerifier {
        ExtendedTrustManagerVerifyCallback(OpenSslEngineMap openSslEngineMap, X509ExtendedTrustManager x509ExtendedTrustManager) {
            super(openSslEngineMap);
        }
    }

    /* loaded from: classes.dex */
    private static final class OpenSslClientCertificateCallback implements CertificateCallback {
        OpenSslClientCertificateCallback(OpenSslEngineMap openSslEngineMap, OpenSslKeyMaterialManager openSslKeyMaterialManager) {
        }
    }

    /* loaded from: classes.dex */
    static final class OpenSslClientSessionContext extends OpenSslSessionContext {
        OpenSslClientSessionContext(ReferenceCountedOpenSslContext referenceCountedOpenSslContext, OpenSslKeyMaterialProvider openSslKeyMaterialProvider) {
            super(referenceCountedOpenSslContext, openSslKeyMaterialProvider, SSL.SSL_SESS_CACHE_CLIENT, new OpenSslClientSessionCache(referenceCountedOpenSslContext.m));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static final class TrustManagerVerifyCallback extends ReferenceCountedOpenSslContext.AbstractCertificateVerifier {
        TrustManagerVerifyCallback(OpenSslEngineMap openSslEngineMap, X509TrustManager x509TrustManager) {
            super(openSslEngineMap);
        }
    }

    static {
        Collections.unmodifiableSet(new LinkedHashSet(Arrays.asList("RSA", "DH_RSA", "EC", "EC_RSA", "EC_EC")));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OpenSslSessionContext l0(ReferenceCountedOpenSslContext referenceCountedOpenSslContext, long j, OpenSslEngineMap openSslEngineMap, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, String str2, long j2, long j3) {
        OpenSslKeyMaterialProvider X;
        TrustManagerFactory trustManagerFactory2;
        if ((privateKey == null && x509CertificateArr2 != null) || (privateKey != null && x509CertificateArr2 == null)) {
            throw new IllegalArgumentException("Either both keyCertChain and key needs to be null or none of them");
        }
        OpenSslKeyMaterialProvider openSslKeyMaterialProvider = null;
        try {
            try {
                if (OpenSsl.p()) {
                    if (keyManagerFactory != null || x509CertificateArr2 == null) {
                        X = keyManagerFactory != null ? ReferenceCountedOpenSslContext.X(keyManagerFactory, str) : null;
                    } else {
                        char[] s = SslContext.s(str);
                        KeyStore g = SslContext.g(x509CertificateArr2, privateKey, s, str2);
                        KeyManagerFactory openSslX509KeyManagerFactory = g.aliases().hasMoreElements() ? new OpenSslX509KeyManagerFactory() : new OpenSslCachingX509KeyManagerFactory(KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()));
                        openSslX509KeyManagerFactory.init(g, s);
                        X = ReferenceCountedOpenSslContext.X(openSslX509KeyManagerFactory, str);
                    }
                    if (X != null) {
                        try {
                            try {
                                SSLContext.setCertificateCallback(j, new OpenSslClientCertificateCallback(openSslEngineMap, new OpenSslKeyMaterialManager(X)));
                            } catch (Exception e2) {
                                e = e2;
                                throw new SSLException("failed to set certificate and key", e);
                            }
                        } catch (Throwable th) {
                            th = th;
                            openSslKeyMaterialProvider = X;
                            if (openSslKeyMaterialProvider != null) {
                                openSslKeyMaterialProvider.b();
                            }
                            throw th;
                        }
                    }
                } else {
                    if (keyManagerFactory != null) {
                        throw new IllegalArgumentException("KeyManagerFactory not supported");
                    }
                    if (x509CertificateArr2 != null) {
                        ReferenceCountedOpenSslContext.a0(j, x509CertificateArr2, privateKey, str);
                    }
                    X = null;
                }
                SSLContext.setVerify(j, 1, 10);
                try {
                    if (x509CertificateArr != null) {
                        trustManagerFactory2 = SslContext.i(x509CertificateArr, trustManagerFactory, str2);
                    } else if (trustManagerFactory == null) {
                        trustManagerFactory2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory2.init((KeyStore) null);
                    } else {
                        trustManagerFactory2 = trustManagerFactory;
                    }
                    o0(j, openSslEngineMap, ReferenceCountedOpenSslContext.N(trustManagerFactory2.getTrustManagers()));
                    OpenSslClientSessionContext openSslClientSessionContext = new OpenSslClientSessionContext(referenceCountedOpenSslContext, X);
                    openSslClientSessionContext.e(ReferenceCountedOpenSslContext.x);
                    if (j2 > 0) {
                        openSslClientSessionContext.setSessionCacheSize((int) Math.min(j2, 2147483647L));
                    }
                    if (j3 > 0) {
                        openSslClientSessionContext.setSessionTimeout((int) Math.min(j3, 2147483647L));
                    }
                    if (ReferenceCountedOpenSslContext.u) {
                        openSslClientSessionContext.g(new OpenSslSessionTicketKey[0]);
                    }
                    return openSslClientSessionContext;
                } catch (Exception e3) {
                    if (X != null) {
                        X.b();
                    }
                    throw new SSLException("unable to setup trustmanager", e3);
                }
            } catch (Exception e4) {
                e = e4;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    @SuppressJava6Requirement
    private static void o0(long j, OpenSslEngineMap openSslEngineMap, X509TrustManager x509TrustManager) {
        if (ReferenceCountedOpenSslContext.j0(x509TrustManager)) {
            SSLContext.setCertVerifyCallback(j, new ExtendedTrustManagerVerifyCallback(openSslEngineMap, (X509ExtendedTrustManager) x509TrustManager));
        } else {
            SSLContext.setCertVerifyCallback(j, new TrustManagerVerifyCallback(openSslEngineMap, x509TrustManager));
        }
    }

    @Override // io.netty.handler.ssl.ReferenceCountedOpenSslContext, io.netty.handler.ssl.SslContext
    /* renamed from: Y */
    public OpenSslSessionContext A() {
        return this.z;
    }
}
