package io.netty.handler.ssl;

import android.support.v4.view.ViewCompat;
import com.facebook.imagepipeline.memory.DefaultFlexByteArrayPoolParams;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.AbstractReferenceCounted;
import io.netty.util.ReferenceCounted;
import io.netty.util.ResourceLeak;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.ResourceLeakDetectorFactory;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: classes.dex */
public abstract class ReferenceCountedOpenSslContext extends SslContext implements ReferenceCounted {
    private static final List<String> DEFAULT_CIPHERS;
    private static final Integer DH_KEY_LENGTH;
    protected static final int VERIFY_DEPTH = 10;
    private final OpenSslApplicationProtocolNegotiator apn;
    long aprPool;
    private volatile int aprPoolDestroyed;
    final ClientAuth clientAuth;
    protected volatile long ctx;
    final OpenSslEngineMap engineMap;
    final Certificate[] keyCertChain;
    private final ResourceLeak leak;
    private final int mode;
    private final AbstractReferenceCounted refCnt;
    volatile boolean rejectRemoteInitiatedRenegotiation;
    private final long sessionCacheSize;
    private final long sessionTimeout;
    private final List<String> unmodifiableCiphers;
    private static final InternalLogger logger = InternalLoggerFactory.getInstance((Class<?>) ReferenceCountedOpenSslContext.class);
    private static final boolean JDK_REJECT_CLIENT_INITIATED_RENEGOTIATION = ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslContext.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public Boolean run() {
            return Boolean.valueOf(SystemPropertyUtil.getBoolean("jdk.tls.rejectClientInitiatedRenegotiation", false));
        }
    })).booleanValue();
    private static final ResourceLeakDetector<ReferenceCountedOpenSslContext> leakDetector = ResourceLeakDetectorFactory.instance().newResourceLeakDetector(ReferenceCountedOpenSslContext.class);
    static final OpenSslApplicationProtocolNegotiator NONE_PROTOCOL_NEGOTIATOR = new OpenSslApplicationProtocolNegotiator() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslContext.3
        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.Protocol protocol() {
            return ApplicationProtocolConfig.Protocol.NONE;
        }

        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiator
        public List<String> protocols() {
            return Collections.emptyList();
        }

        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.SelectedListenerFailureBehavior selectedListenerFailureBehavior() {
            return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
        }

        @Override // io.netty.handler.ssl.OpenSslApplicationProtocolNegotiator
        public ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior() {
            return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static abstract class AbstractCertificateVerifier implements CertificateVerifier {
        private final OpenSslEngineMap engineMap;

        /* JADX INFO: Access modifiers changed from: package-private */
        public AbstractCertificateVerifier(OpenSslEngineMap openSslEngineMap) {
            this.engineMap = openSslEngineMap;
        }

        public final int verify(long j, byte[][] bArr, String str) {
            X509Certificate[] certificates = ReferenceCountedOpenSslContext.certificates(bArr);
            ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine = this.engineMap.get(j);
            try {
                verify(referenceCountedOpenSslEngine, certificates, str);
                return 0;
            } catch (Throwable th) {
                ReferenceCountedOpenSslContext.logger.debug("verification of certificate failed", th);
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("General OpenSslEngine problem");
                sSLHandshakeException.initCause(th);
                referenceCountedOpenSslEngine.handshakeException = sSLHandshakeException;
                if (th instanceof OpenSslCertificateException) {
                    return ((OpenSslCertificateException) th).errorCode();
                }
                if (th instanceof CertificateExpiredException) {
                    return 10;
                }
                if (th instanceof CertificateNotYetValidException) {
                    return 9;
                }
                return (PlatformDependent.javaVersion() < 7 || !(th instanceof CertificateRevokedException)) ? 1 : 23;
            }
        }

        abstract void verify(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, X509Certificate[] x509CertificateArr, String str) throws Exception;
    }

    /* loaded from: classes2.dex */
    private static final class DefaultOpenSslEngineMap implements OpenSslEngineMap {
        private final Map<Long, ReferenceCountedOpenSslEngine> engines;

        private DefaultOpenSslEngineMap() {
            this.engines = PlatformDependent.newConcurrentHashMap();
        }

        @Override // io.netty.handler.ssl.OpenSslEngineMap
        public void add(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            this.engines.put(Long.valueOf(referenceCountedOpenSslEngine.sslPointer()), referenceCountedOpenSslEngine);
        }

        @Override // io.netty.handler.ssl.OpenSslEngineMap
        public ReferenceCountedOpenSslEngine get(long j) {
            return this.engines.get(Long.valueOf(j));
        }

        @Override // io.netty.handler.ssl.OpenSslEngineMap
        public ReferenceCountedOpenSslEngine remove(long j) {
            return this.engines.remove(Long.valueOf(j));
        }
    }

    static {
        Integer num;
        String str;
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA");
        DEFAULT_CIPHERS = Collections.unmodifiableList(arrayList);
        if (logger.isDebugEnabled()) {
            logger.debug("Default cipher suite (OpenSSL): " + arrayList);
        }
        try {
            str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslContext.4
                @Override // java.security.PrivilegedAction
                public String run() {
                    return SystemPropertyUtil.get("jdk.tls.ephemeralDHKeySize");
                }
            });
        } catch (Throwable th) {
            num = null;
        }
        if (str != null) {
            try {
                num = Integer.valueOf(str);
            } catch (NumberFormatException e) {
                logger.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + str);
            }
            DH_KEY_LENGTH = num;
        }
        num = null;
        DH_KEY_LENGTH = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ReferenceCountedOpenSslContext(Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, boolean z, boolean z2) throws SSLException {
        this(iterable, cipherSuiteFilter, toNegotiator(applicationProtocolConfig), j, j2, i, certificateArr, clientAuth, z, z2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ReferenceCountedOpenSslContext(Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, OpenSslApplicationProtocolNegotiator openSslApplicationProtocolNegotiator, long j, long j2, int i, Certificate[] certificateArr, ClientAuth clientAuth, boolean z, boolean z2) throws SSLException {
        super(z);
        ArrayList arrayList;
        this.refCnt = new AbstractReferenceCounted() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslContext.2
            @Override // io.netty.util.AbstractReferenceCounted
            protected void deallocate() {
                ReferenceCountedOpenSslContext.this.destroy();
                if (ReferenceCountedOpenSslContext.this.leak != null) {
                    ReferenceCountedOpenSslContext.this.leak.close();
                }
            }

            @Override // io.netty.util.ReferenceCounted
            public ReferenceCounted touch(Object obj) {
                if (ReferenceCountedOpenSslContext.this.leak != null) {
                    ReferenceCountedOpenSslContext.this.leak.record(obj);
                }
                return ReferenceCountedOpenSslContext.this;
            }
        };
        this.engineMap = new DefaultOpenSslEngineMap();
        OpenSsl.ensureAvailability();
        if (i != 1 && i != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        this.leak = z2 ? leakDetector.open(this) : null;
        this.mode = i;
        this.clientAuth = isServer() ? (ClientAuth) ObjectUtil.checkNotNull(clientAuth, "clientAuth") : ClientAuth.NONE;
        if (i == 1) {
            this.rejectRemoteInitiatedRenegotiation = JDK_REJECT_CLIENT_INITIATED_RENEGOTIATION;
        }
        this.keyCertChain = certificateArr == null ? null : (Certificate[]) certificateArr.clone();
        if (iterable != null) {
            ArrayList arrayList2 = new ArrayList();
            Iterator<String> it = iterable.iterator();
            while (true) {
                if (!it.hasNext()) {
                    arrayList = arrayList2;
                    break;
                }
                String next = it.next();
                if (next == null) {
                    arrayList = arrayList2;
                    break;
                }
                String openSsl = CipherSuiteConverter.toOpenSsl(next);
                if (openSsl != null) {
                    next = openSsl;
                }
                arrayList2.add(next);
            }
        } else {
            arrayList = null;
        }
        this.unmodifiableCiphers = Arrays.asList(((CipherSuiteFilter) ObjectUtil.checkNotNull(cipherSuiteFilter, "cipherFilter")).filterCipherSuites(arrayList, DEFAULT_CIPHERS, OpenSsl.availableCipherSuites()));
        this.apn = (OpenSslApplicationProtocolNegotiator) ObjectUtil.checkNotNull(openSslApplicationProtocolNegotiator, "apn");
        this.aprPool = Pool.create(0L);
        try {
            synchronized (ReferenceCountedOpenSslContext.class) {
                try {
                    this.ctx = SSLContext.make(this.aprPool, 31, i);
                    SSLContext.setOptions(this.ctx, 4095);
                    SSLContext.setOptions(this.ctx, ViewCompat.MEASURED_STATE_TOO_SMALL);
                    SSLContext.setOptions(this.ctx, 33554432);
                    SSLContext.setOptions(this.ctx, DefaultFlexByteArrayPoolParams.DEFAULT_MAX_BYTE_ARRAY_SIZE);
                    SSLContext.setOptions(this.ctx, 524288);
                    SSLContext.setOptions(this.ctx, 1048576);
                    SSLContext.setOptions(this.ctx, 65536);
                    SSLContext.setOptions(this.ctx, 16384);
                    SSLContext.setMode(this.ctx, SSLContext.getMode(this.ctx) | 2);
                    if (DH_KEY_LENGTH != null) {
                        SSLContext.setTmpDHLength(this.ctx, DH_KEY_LENGTH.intValue());
                    }
                    try {
                        SSLContext.setCipherSuite(this.ctx, CipherSuiteConverter.toOpenSsl(this.unmodifiableCiphers));
                        List<String> protocols = openSslApplicationProtocolNegotiator.protocols();
                        if (!protocols.isEmpty()) {
                            String[] strArr = (String[]) protocols.toArray(new String[protocols.size()]);
                            int opensslSelectorFailureBehavior = opensslSelectorFailureBehavior(openSslApplicationProtocolNegotiator.selectorFailureBehavior());
                            switch (openSslApplicationProtocolNegotiator.protocol()) {
                                case NPN:
                                    SSLContext.setNpnProtos(this.ctx, strArr, opensslSelectorFailureBehavior);
                                    break;
                                case ALPN:
                                    SSLContext.setAlpnProtos(this.ctx, strArr, opensslSelectorFailureBehavior);
                                    break;
                                case NPN_AND_ALPN:
                                    SSLContext.setNpnProtos(this.ctx, strArr, opensslSelectorFailureBehavior);
                                    SSLContext.setAlpnProtos(this.ctx, strArr, opensslSelectorFailureBehavior);
                                    break;
                                default:
                                    throw new Error();
                            }
                        }
                        if (j > 0) {
                            this.sessionCacheSize = j;
                            SSLContext.setSessionCacheSize(this.ctx, j);
                        } else {
                            long sessionCacheSize = SSLContext.setSessionCacheSize(this.ctx, 20480L);
                            this.sessionCacheSize = sessionCacheSize;
                            SSLContext.setSessionCacheSize(this.ctx, sessionCacheSize);
                        }
                        if (j2 > 0) {
                            this.sessionTimeout = j2;
                            SSLContext.setSessionCacheTimeout(this.ctx, j2);
                        } else {
                            long sessionCacheTimeout = SSLContext.setSessionCacheTimeout(this.ctx, 300L);
                            this.sessionTimeout = sessionCacheTimeout;
                            SSLContext.setSessionCacheTimeout(this.ctx, sessionCacheTimeout);
                        }
                    } catch (SSLException e) {
                        throw e;
                    } catch (Exception e2) {
                        throw new SSLException("failed to set cipher suite: " + this.unmodifiableCiphers, e2);
                    }
                } catch (Exception e3) {
                    throw new SSLException("failed to create an SSL_CTX", e3);
                }
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    protected static X509Certificate[] certificates(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr[i] = new OpenSslX509Certificate(bArr[i]);
        }
        return x509CertificateArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager chooseTrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager chooseX509KeyManager(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void freeBio(long j) {
        if (j != 0) {
            SSL.freeBIO(j);
        }
    }

    private static long newBIO(ByteBuf byteBuf) throws Exception {
        try {
            long newMemBIO = SSL.newMemBIO();
            int readableBytes = byteBuf.readableBytes();
            if (SSL.writeToBIO(newMemBIO, OpenSsl.memoryAddress(byteBuf) + byteBuf.readerIndex(), readableBytes) == readableBytes) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            byteBuf.release();
        }
    }

    private static int opensslSelectorFailureBehavior(ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior) {
        switch (selectorFailureBehavior) {
            case NO_ADVERTISE:
                return 0;
            case CHOOSE_MY_LAST_PROTOCOL:
                return 1;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:28:0x0062  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void setKeyMaterial(long r16, java.security.cert.X509Certificate[] r18, java.security.PrivateKey r19, java.lang.String r20) throws javax.net.ssl.SSLException {
        /*
            r12 = 0
            r4 = 0
            r6 = 0
            r3 = 0
            io.netty.buffer.ByteBufAllocator r2 = io.netty.buffer.ByteBufAllocator.DEFAULT     // Catch: javax.net.ssl.SSLException -> L4b java.lang.Exception -> L66 java.lang.Throwable -> L72
            r8 = 1
            r0 = r18
            io.netty.handler.ssl.PemEncoded r9 = io.netty.handler.ssl.PemX509Certificate.toPEM(r2, r8, r0)     // Catch: javax.net.ssl.SSLException -> L4b java.lang.Exception -> L66 java.lang.Throwable -> L72
            io.netty.buffer.ByteBufAllocator r2 = io.netty.buffer.ByteBufAllocator.DEFAULT     // Catch: java.lang.Throwable -> L70 java.lang.Exception -> L7c javax.net.ssl.SSLException -> L85
            io.netty.handler.ssl.PemEncoded r3 = r9.retain()     // Catch: java.lang.Throwable -> L70 java.lang.Exception -> L7c javax.net.ssl.SSLException -> L85
            long r4 = toBIO(r2, r3)     // Catch: java.lang.Throwable -> L70 java.lang.Exception -> L7c javax.net.ssl.SSLException -> L85
            io.netty.buffer.ByteBufAllocator r2 = io.netty.buffer.ByteBufAllocator.DEFAULT     // Catch: java.lang.Throwable -> L70 java.lang.Exception -> L7c javax.net.ssl.SSLException -> L85
            io.netty.handler.ssl.PemEncoded r3 = r9.retain()     // Catch: java.lang.Throwable -> L70 java.lang.Exception -> L7c javax.net.ssl.SSLException -> L85
            long r10 = toBIO(r2, r3)     // Catch: java.lang.Throwable -> L70 java.lang.Exception -> L7c javax.net.ssl.SSLException -> L85
            if (r19 == 0) goto L98
            long r6 = toBIO(r19)     // Catch: java.lang.Throwable -> L75 java.lang.Exception -> L7e javax.net.ssl.SSLException -> L8c
        L2a:
            if (r20 != 0) goto L48
            java.lang.String r8 = ""
        L2e:
            r2 = r16
            org.apache.tomcat.jni.SSLContext.setCertificateBio(r2, r4, r6, r8)     // Catch: java.lang.Throwable -> L78 java.lang.Exception -> L81 javax.net.ssl.SSLException -> L92
            r2 = 1
            r0 = r16
            org.apache.tomcat.jni.SSLContext.setCertificateChainBio(r0, r10, r2)     // Catch: java.lang.Throwable -> L78 java.lang.Exception -> L81 javax.net.ssl.SSLException -> L92
            freeBio(r6)
            freeBio(r4)
            freeBio(r10)
            if (r9 == 0) goto L47
            r9.release()
        L47:
            return
        L48:
            r8 = r20
            goto L2e
        L4b:
            r2 = move-exception
            r8 = r12
            r14 = r4
            r4 = r6
            r6 = r14
        L50:
            throw r2     // Catch: java.lang.Throwable -> L51
        L51:
            r2 = move-exception
            r12 = r8
            r9 = r3
            r14 = r6
            r6 = r4
            r4 = r14
        L57:
            freeBio(r12)
            freeBio(r4)
            freeBio(r6)
            if (r9 == 0) goto L65
            r9.release()
        L65:
            throw r2
        L66:
            r2 = move-exception
            r9 = r3
        L68:
            javax.net.ssl.SSLException r3 = new javax.net.ssl.SSLException     // Catch: java.lang.Throwable -> L70
            java.lang.String r8 = "failed to set certificate and key"
            r3.<init>(r8, r2)     // Catch: java.lang.Throwable -> L70
            throw r3     // Catch: java.lang.Throwable -> L70
        L70:
            r2 = move-exception
            goto L57
        L72:
            r2 = move-exception
            r9 = r3
            goto L57
        L75:
            r2 = move-exception
            r6 = r10
            goto L57
        L78:
            r2 = move-exception
            r12 = r6
            r6 = r10
            goto L57
        L7c:
            r2 = move-exception
            goto L68
        L7e:
            r2 = move-exception
            r6 = r10
            goto L68
        L81:
            r2 = move-exception
            r12 = r6
            r6 = r10
            goto L68
        L85:
            r2 = move-exception
            r3 = r9
            r8 = r12
            r14 = r4
            r4 = r6
            r6 = r14
            goto L50
        L8c:
            r2 = move-exception
            r3 = r9
            r6 = r4
            r4 = r10
            r8 = r12
            goto L50
        L92:
            r2 = move-exception
            r3 = r9
            r8 = r6
            r6 = r4
            r4 = r10
            goto L50
        L98:
            r6 = r12
            goto L2a
        */
        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.ReferenceCountedOpenSslContext.setKeyMaterial(long, java.security.cert.X509Certificate[], java.security.PrivateKey, java.lang.String):void");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long toBIO(ByteBufAllocator byteBufAllocator, PemEncoded pemEncoded) throws Exception {
        long newBIO;
        try {
            ByteBuf content = pemEncoded.content();
            if (content.isDirect()) {
                newBIO = newBIO(content.retainedSlice());
            } else {
                ByteBuf directBuffer = byteBufAllocator.directBuffer(content.readableBytes());
                try {
                    directBuffer.writeBytes(content, content.readerIndex(), content.readableBytes());
                    newBIO = newBIO(directBuffer.retainedSlice());
                    try {
                        if (pemEncoded.isSensitive()) {
                            SslUtils.zeroout(directBuffer);
                        }
                    } finally {
                    }
                } catch (Throwable th) {
                    try {
                        if (pemEncoded.isSensitive()) {
                            SslUtils.zeroout(directBuffer);
                        }
                        throw th;
                    } finally {
                    }
                }
            }
            return newBIO;
        } finally {
            pemEncoded.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long toBIO(PrivateKey privateKey) throws Exception {
        if (privateKey == null) {
            return 0L;
        }
        ByteBufAllocator byteBufAllocator = ByteBufAllocator.DEFAULT;
        PemEncoded pem = PemPrivateKey.toPEM(byteBufAllocator, true, privateKey);
        try {
            return toBIO(byteBufAllocator, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long toBIO(X509Certificate... x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        ByteBufAllocator byteBufAllocator = ByteBufAllocator.DEFAULT;
        PemEncoded pem = PemX509Certificate.toPEM(byteBufAllocator, true, x509CertificateArr);
        try {
            return toBIO(byteBufAllocator, pem.retain());
        } finally {
            pem.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OpenSslApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return NONE_PROTOCOL_NEGOTIATOR;
        }
        switch (applicationProtocolConfig.protocol()) {
            case NPN:
            case ALPN:
            case NPN_AND_ALPN:
                switch (applicationProtocolConfig.selectedListenerFailureBehavior()) {
                    case CHOOSE_MY_LAST_PROTOCOL:
                    case ACCEPT:
                        switch (applicationProtocolConfig.selectorFailureBehavior()) {
                            case NO_ADVERTISE:
                            case CHOOSE_MY_LAST_PROTOCOL:
                                return new OpenSslDefaultApplicationProtocolNegotiator(applicationProtocolConfig);
                            default:
                                throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.selectorFailureBehavior() + " behavior");
                        }
                    default:
                        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.selectedListenerFailureBehavior() + " behavior");
                }
            case NONE:
                return NONE_PROTOCOL_NEGOTIATOR;
            default:
                throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean useExtendedKeyManager(X509KeyManager x509KeyManager) {
        return PlatformDependent.javaVersion() >= 7 && (x509KeyManager instanceof X509ExtendedKeyManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean useExtendedTrustManager(X509TrustManager x509TrustManager) {
        return PlatformDependent.javaVersion() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    @Override // io.netty.handler.ssl.SslContext
    public ApplicationProtocolNegotiator applicationProtocolNegotiator() {
        return this.apn;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final List<String> cipherSuites() {
        return this.unmodifiableCiphers;
    }

    @Deprecated
    public final long context() {
        return this.ctx;
    }

    final void destroy() {
        synchronized (ReferenceCountedOpenSslContext.class) {
            if (this.ctx != 0) {
                SSLContext.free(this.ctx);
                this.ctx = 0L;
            }
            if (this.aprPool != 0) {
                Pool.destroy(this.aprPool);
                this.aprPool = 0L;
            }
        }
    }

    @Override // io.netty.handler.ssl.SslContext
    public final boolean isClient() {
        return this.mode == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract OpenSslKeyMaterialManager keyMaterialManager();

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine newEngine(ByteBufAllocator byteBufAllocator) {
        return newEngine(byteBufAllocator, null, -1);
    }

    @Override // io.netty.handler.ssl.SslContext
    public final SSLEngine newEngine(ByteBufAllocator byteBufAllocator, String str, int i) {
        return newEngine0(byteBufAllocator, str, i);
    }

    SSLEngine newEngine0(ByteBufAllocator byteBufAllocator, String str, int i) {
        return new ReferenceCountedOpenSslEngine(this, byteBufAllocator, str, i, true);
    }

    @Override // io.netty.util.ReferenceCounted
    public final int refCnt() {
        return this.refCnt.refCnt();
    }

    @Override // io.netty.util.ReferenceCounted
    public final boolean release() {
        return this.refCnt.release();
    }

    @Override // io.netty.util.ReferenceCounted
    public final boolean release(int i) {
        return this.refCnt.release(i);
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted retain() {
        this.refCnt.retain();
        return this;
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted retain(int i) {
        this.refCnt.retain(i);
        return this;
    }

    @Override // io.netty.handler.ssl.SslContext
    public final long sessionCacheSize() {
        return this.sessionCacheSize;
    }

    @Override // io.netty.handler.ssl.SslContext
    public abstract OpenSslSessionContext sessionContext();

    @Override // io.netty.handler.ssl.SslContext
    public final long sessionTimeout() {
        return this.sessionTimeout;
    }

    public void setRejectRemoteInitiatedRenegotiation(boolean z) {
        this.rejectRemoteInitiatedRenegotiation = z;
    }

    @Deprecated
    public final void setTicketKeys(byte[] bArr) {
        sessionContext().setTicketKeys(bArr);
    }

    public final long sslCtxPointer() {
        return this.ctx;
    }

    @Deprecated
    public final OpenSslSessionStats stats() {
        return sessionContext().stats();
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted touch() {
        this.refCnt.touch();
        return this;
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted touch(Object obj) {
        this.refCnt.touch(obj);
        return this;
    }
}
