package c.a.d.d;

import c.a.d.d.b;
import com.facebook.imagepipeline.memory.DefaultFlexByteArrayPoolParams;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* compiled from: OpenSslContext.java */
/* loaded from: classes.dex */
public abstract class ap extends bj {

    /* renamed from: a, reason: collision with root package name */
    protected static final int f3780a = 10;
    private static final List<String> l;

    /* renamed from: b, reason: collision with root package name */
    protected volatile long f3784b;

    /* renamed from: c, reason: collision with root package name */
    long f3785c;
    private volatile int m;
    private volatile boolean n;
    private final List<String> o;
    private final long p;
    private final long q;
    private final at r;
    private final aj s;
    private final int t;
    private final Certificate[] u;
    private final i v;

    /* renamed from: f, reason: collision with root package name */
    private static final byte[] f3782f = "-----BEGIN CERTIFICATE-----\n".getBytes(c.a.e.e.f4475f);

    /* renamed from: g, reason: collision with root package name */
    private static final byte[] f3783g = "\n-----END CERTIFICATE-----\n".getBytes(c.a.e.e.f4475f);
    private static final byte[] h = "-----BEGIN PRIVATE KEY-----\n".getBytes(c.a.e.e.f4475f);
    private static final byte[] i = "\n-----END PRIVATE KEY-----\n".getBytes(c.a.e.e.f4475f);
    private static final c.a.e.c.b.f j = c.a.e.c.b.g.a((Class<?>) ap.class);
    private static final boolean k = c.a.e.c.ao.a("jdk.tls.rejectClientInitiatedRenegotiation", false);

    /* renamed from: d, reason: collision with root package name */
    static final aj f3781d = new aq();

    /* compiled from: OpenSslContext.java */
    /* loaded from: classes.dex */
    abstract class a implements CertificateVerifier {
        /* JADX INFO: Access modifiers changed from: package-private */
        public a() {
        }

        abstract void a(as asVar, X509Certificate[] x509CertificateArr, String str) throws Exception;

        public final boolean a(long j, byte[][] bArr, String str) {
            X509Certificate[] a2 = ap.a(bArr);
            as a3 = ap.this.r.a(j);
            try {
                a(a3, a2, str);
                return true;
            } catch (Throwable th) {
                ap.j.b("verification of certificate failed", th);
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("General OpenSslEngine problem");
                sSLHandshakeException.initCause(th);
                a3.f3798c = sSLHandshakeException;
                return false;
            }
        }
    }

    /* compiled from: OpenSslContext.java */
    /* loaded from: classes.dex */
    private static final class b implements at {

        /* renamed from: b, reason: collision with root package name */
        private final Map<Long, as> f3790b;

        private b() {
            this.f3790b = c.a.e.c.ae.n();
        }

        /* synthetic */ b(aq aqVar) {
            this();
        }

        @Override // c.a.d.d.at
        public as a(long j) {
            return this.f3790b.remove(Long.valueOf(j));
        }

        @Override // c.a.d.d.at
        public void a(as asVar) {
            this.f3790b.put(Long.valueOf(asVar.b()), asVar);
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA");
        l = Collections.unmodifiableList(arrayList);
        if (j.d()) {
            j.b("Default cipher suite (OpenSSL): " + arrayList);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ap(Iterable<String> iterable, h hVar, aj ajVar, long j2, long j3, int i2, Certificate[] certificateArr, i iVar) throws SSLException {
        ArrayList arrayList;
        this.r = new b(null);
        ai.e();
        if (i2 != 1 && i2 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.t = i2;
        this.v = q() ? (i) c.a.e.c.aa.a(iVar, "clientAuth") : i.NONE;
        if (i2 == 1) {
            this.n = k;
        }
        this.u = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            ArrayList arrayList2 = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (true) {
                if (!it.hasNext()) {
                    arrayList = arrayList2;
                    break;
                }
                String next = it.next();
                if (next == null) {
                    arrayList = arrayList2;
                    break;
                }
                String a2 = g.a(next);
                if (a2 != null) {
                    next = a2;
                }
                arrayList2.add(next);
            }
        } else {
            arrayList = null;
        }
        this.o = Arrays.asList(((h) c.a.e.c.aa.a(hVar, "cipherFilter")).a(arrayList, l, ai.g()));
        this.s = (aj) c.a.e.c.aa.a(ajVar, "apn");
        this.f3785c = Pool.create(0L);
        try {
            synchronized (ap.class) {
                try {
                    this.f3784b = SSLContext.make(this.f3785c, 28, i2);
                    SSLContext.setOptions(this.f3784b, 4095);
                    SSLContext.setOptions(this.f3784b, android.support.v4.view.aw.u);
                    SSLContext.setOptions(this.f3784b, 33554432);
                    SSLContext.setOptions(this.f3784b, DefaultFlexByteArrayPoolParams.DEFAULT_MAX_BYTE_ARRAY_SIZE);
                    SSLContext.setOptions(this.f3784b, 524288);
                    SSLContext.setOptions(this.f3784b, 1048576);
                    SSLContext.setOptions(this.f3784b, 65536);
                    try {
                        SSLContext.setCipherSuite(this.f3784b, g.a(this.o));
                        List<String> a3 = ajVar.a();
                        if (!a3.isEmpty()) {
                            String[] strArr = (String[]) a3.toArray(new String[a3.size()]);
                            int a4 = a(ajVar.c());
                            switch (ajVar.b()) {
                                case NPN:
                                    SSLContext.setNpnProtos(this.f3784b, strArr, a4);
                                    break;
                                case ALPN:
                                    SSLContext.setAlpnProtos(this.f3784b, strArr, a4);
                                    break;
                                case NPN_AND_ALPN:
                                    SSLContext.setNpnProtos(this.f3784b, strArr, a4);
                                    SSLContext.setAlpnProtos(this.f3784b, strArr, a4);
                                    break;
                                default:
                                    throw new Error();
                            }
                        }
                        if (j2 > 0) {
                            this.p = j2;
                            SSLContext.setSessionCacheSize(this.f3784b, j2);
                        } else {
                            long sessionCacheSize = SSLContext.setSessionCacheSize(this.f3784b, 20480L);
                            this.p = sessionCacheSize;
                            SSLContext.setSessionCacheSize(this.f3784b, sessionCacheSize);
                        }
                        if (j3 > 0) {
                            this.q = j3;
                            SSLContext.setSessionCacheTimeout(this.f3784b, j3);
                        } else {
                            long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.f3784b, 300L);
                            this.q = sessionCacheTimeout;
                            SSLContext.setSessionCacheTimeout(this.f3784b, sessionCacheTimeout);
                        }
                    } catch (SSLException e2) {
                        throw e2;
                    } catch (Exception e3) {
                        throw new SSLException("failed to set cipher suite: " + this.o, e3);
                    }
                } catch (Exception e4) {
                    throw new SSLException("failed to create an SSL_CTX", e4);
                }
            }
        } catch (Throwable th) {
            k();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ap(Iterable<String> iterable, h hVar, c.a.d.d.b bVar, long j2, long j3, int i2, Certificate[] certificateArr, i iVar) throws SSLException {
        this(iterable, hVar, a(bVar), j2, j3, i2, certificateArr, iVar);
    }

    private static int a(b.c cVar) {
        switch (cVar) {
            case NO_ADVERTISE:
                return 0;
            case CHOOSE_MY_LAST_PROTOCOL:
                return 1;
            default:
                throw new Error();
        }
    }

    private static long a(c.a.b.h hVar) throws Exception {
        long newMemBIO = SSL.newMemBIO();
        int g2 = hVar.g();
        if (SSL.writeToBIO(newMemBIO, hVar.ad(), g2) == g2) {
            return newMemBIO;
        }
        SSL.freeBIO(newMemBIO);
        throw new IllegalStateException("Could not write data to memory BIO");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        c.a.b.h b2 = c.a.b.bl.b();
        try {
            b2.b(h);
            c.a.b.h a2 = c.a.b.bl.a(privateKey.getEncoded());
            try {
                c.a.b.h a3 = c.a.d.a.a.a.a(a2, true);
                try {
                    b2.b(a3);
                    a2.M();
                    b2.b(i);
                    return a(b2);
                } finally {
                    a3.M();
                }
            } catch (Throwable th) {
                a2.M();
                throw th;
            }
        } finally {
            b2.M();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long a(X509Certificate[] x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        c.a.b.h b2 = c.a.b.bl.b();
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                b2.b(f3782f);
                c.a.b.h a2 = c.a.b.bl.a(x509Certificate.getEncoded());
                try {
                    c.a.b.h a3 = c.a.d.a.a.a.a(a2, true);
                    try {
                        b2.b(a3);
                        a3.M();
                        a2.M();
                        b2.b(f3783g);
                    } catch (Throwable th) {
                        a3.M();
                        throw th;
                    }
                } catch (Throwable th2) {
                    a2.M();
                    throw th2;
                }
            }
            return a(b2);
        } finally {
            b2.M();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static aj a(c.a.d.d.b bVar) {
        if (bVar == null) {
            return f3781d;
        }
        switch (bVar.b()) {
            case NPN:
            case ALPN:
            case NPN_AND_ALPN:
                switch (bVar.d()) {
                    case CHOOSE_MY_LAST_PROTOCOL:
                    case ACCEPT:
                        switch (bVar.c()) {
                            case NO_ADVERTISE:
                            case CHOOSE_MY_LAST_PROTOCOL:
                                return new ar(bVar);
                            default:
                                throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.c() + " behavior");
                        }
                    default:
                        throw new UnsupportedOperationException("OpenSSL provider does not support " + bVar.d() + " behavior");
                }
            case NONE:
                return f3781d;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(X509TrustManager x509TrustManager) {
        return c.a.e.c.ae.d() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    protected static X509Certificate[] a(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
            x509CertificateArr[i2] = new bg(bArr[i2]);
        }
        return x509CertificateArr;
    }

    @Override // c.a.d.d.bj
    public final SSLEngine a(c.a.b.i iVar) {
        return a(iVar, (String) null, -1);
    }

    @Override // c.a.d.d.bj
    public final SSLEngine a(c.a.b.i iVar, String str, int i2) {
        return new as(this.f3784b, iVar, a(), c(), this.s, this.r, this.n, str, i2, this.u, this.v);
    }

    public void a(boolean z) {
        this.n = z;
    }

    @Deprecated
    public final void a(byte[] bArr) {
        c().b(bArr);
    }

    @Override // c.a.d.d.bj
    public final boolean a() {
        return this.t == 0;
    }

    @Override // c.a.d.d.bj
    /* renamed from: b */
    public abstract bd c();

    @Override // c.a.d.d.bj
    public final List<String> d() {
        return this.o;
    }

    @Override // c.a.d.d.bj
    public final long e() {
        return this.p;
    }

    @Override // c.a.d.d.bj
    public final long f() {
        return this.q;
    }

    protected final void finalize() throws Throwable {
        super.finalize();
        k();
    }

    @Deprecated
    public final long g() {
        return this.f3784b;
    }

    @Override // c.a.d.d.bj
    public e h() {
        return this.s;
    }

    @Deprecated
    public final be i() {
        return c().b();
    }

    public final long j() {
        return this.f3784b;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void k() {
        synchronized (ap.class) {
            if (this.f3784b != 0) {
                SSLContext.free(this.f3784b);
                this.f3784b = 0L;
            }
            if (this.f3785c != 0) {
                Pool.destroy(this.f3785c);
                this.f3785c = 0L;
            }
        }
    }
}
