package io.netty.handler.ssl;

import io.netty.handler.ssl.OpenSslContext;
import java.io.File;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: classes.dex */
public final class OpenSslClientContext extends OpenSslContext {
    private final OpenSslSessionContext sessionContext;

    /* loaded from: classes2.dex */
    private static final class OpenSslClientSessionContext extends OpenSslSessionContext {
        private OpenSslClientSessionContext(long j) {
            super(j);
        }

        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionCacheSize() {
            return 0;
        }

        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionTimeout() {
            return 0;
        }

        @Override // io.netty.handler.ssl.OpenSslSessionContext
        public boolean isSessionCacheEnabled() {
            return false;
        }

        @Override // io.netty.handler.ssl.OpenSslSessionContext
        public void setSessionCacheEnabled(boolean z) {
        }

        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionCacheSize(int i) {
            if (i < 0) {
                throw new IllegalArgumentException();
            }
        }

        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionTimeout(int i) {
            if (i < 0) {
                throw new IllegalArgumentException();
            }
        }
    }

    @Deprecated
    public OpenSslClientContext() throws SSLException {
        this((File) null, (TrustManagerFactory) null, (File) null, (File) null, (String) null, (KeyManagerFactory) null, (Iterable<String>) null, IdentityCipherSuiteFilter.INSTANCE, (ApplicationProtocolConfig) null, 0L, 0L);
    }

    @Deprecated
    public OpenSslClientContext(File file) throws SSLException {
        this(file, null);
    }

    @Deprecated
    public OpenSslClientContext(File file, TrustManagerFactory trustManagerFactory) throws SSLException {
        this(file, trustManagerFactory, (File) null, (File) null, (String) null, (KeyManagerFactory) null, (Iterable<String>) null, IdentityCipherSuiteFilter.INSTANCE, (ApplicationProtocolConfig) null, 0L, 0L);
    }

    @Deprecated
    public OpenSslClientContext(File file, TrustManagerFactory trustManagerFactory, File file2, File file3, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        this(toX509CertificatesInternal(file), trustManagerFactory, toX509CertificatesInternal(file2), toPrivateKeyInternal(file3, str), str, keyManagerFactory, iterable, cipherSuiteFilter, applicationProtocolConfig, j, j2);
    }

    @Deprecated
    public OpenSslClientContext(File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        this(file, trustManagerFactory, (File) null, (File) null, (String) null, (KeyManagerFactory) null, iterable, IdentityCipherSuiteFilter.INSTANCE, applicationProtocolConfig, j, j2);
    }

    @Deprecated
    public OpenSslClientContext(File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        this(file, trustManagerFactory, (File) null, (File) null, (String) null, (KeyManagerFactory) null, iterable, cipherSuiteFilter, applicationProtocolConfig, j, j2);
    }

    @Deprecated
    public OpenSslClientContext(TrustManagerFactory trustManagerFactory) throws SSLException {
        this(null, trustManagerFactory);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSslClientContext(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        super(iterable, cipherSuiteFilter, applicationProtocolConfig, j, j2, 0, x509CertificateArr2, ClientAuth.NONE);
        try {
            checkKeyManagerFactory(keyManagerFactory);
            if ((privateKey == null && x509CertificateArr2 != null) || (privateKey != null && x509CertificateArr2 == null)) {
                throw new IllegalArgumentException("Either both keyCertChain and key needs to be null or none of them");
            }
            synchronized (OpenSslContext.class) {
                if (x509CertificateArr2 != null && privateKey != null) {
                    try {
                        try {
                            long bio = toBIO(x509CertificateArr2);
                            long bio2 = toBIO(privateKey);
                            if (!SSLContext.setCertificateBio(this.ctx, bio, bio2, str, 0)) {
                                long lastErrorNumber = SSL.getLastErrorNumber();
                                if (OpenSsl.isError(lastErrorNumber)) {
                                    throw new SSLException("failed to set certificate and key: " + SSL.getErrorString(lastErrorNumber));
                                }
                            }
                            if (!SSLContext.setCertificateChainBio(this.ctx, bio, false)) {
                                long lastErrorNumber2 = SSL.getLastErrorNumber();
                                if (OpenSsl.isError(lastErrorNumber2)) {
                                    throw new SSLException("failed to set certificate chain: " + SSL.getErrorString(lastErrorNumber2));
                                }
                            }
                            if (bio2 != 0) {
                                SSL.freeBIO(bio2);
                            }
                            if (bio != 0) {
                                SSL.freeBIO(bio);
                            }
                        } catch (SSLException e) {
                            throw e;
                        } catch (Exception e2) {
                            throw new SSLException("failed to set certificate and key", e2);
                        }
                    } catch (Throwable th) {
                        if (0 != 0) {
                            SSL.freeBIO(0L);
                        }
                        if (0 != 0) {
                            SSL.freeBIO(0L);
                        }
                        throw th;
                    }
                }
                SSLContext.setVerify(this.ctx, 0, 10);
                try {
                    if (x509CertificateArr != null) {
                        trustManagerFactory = buildTrustManagerFactory(x509CertificateArr, trustManagerFactory);
                    } else if (trustManagerFactory == null) {
                        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init((KeyStore) null);
                    }
                    final X509TrustManager chooseTrustManager = chooseTrustManager(trustManagerFactory.getTrustManagers());
                    if (useExtendedTrustManager(chooseTrustManager)) {
                        final X509ExtendedTrustManager x509ExtendedTrustManager = (X509ExtendedTrustManager) chooseTrustManager;
                        SSLContext.setCertVerifyCallback(this.ctx, new OpenSslContext.AbstractCertificateVerifier() { // from class: io.netty.handler.ssl.OpenSslClientContext.1
                            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                            {
                                super();
                            }

                            @Override // io.netty.handler.ssl.OpenSslContext.AbstractCertificateVerifier
                            void verify(OpenSslEngine openSslEngine, X509Certificate[] x509CertificateArr3, String str2) throws Exception {
                                x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr3, str2, openSslEngine);
                            }
                        });
                    } else {
                        SSLContext.setCertVerifyCallback(this.ctx, new OpenSslContext.AbstractCertificateVerifier() { // from class: io.netty.handler.ssl.OpenSslClientContext.2
                            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                            {
                                super();
                            }

                            @Override // io.netty.handler.ssl.OpenSslContext.AbstractCertificateVerifier
                            void verify(OpenSslEngine openSslEngine, X509Certificate[] x509CertificateArr3, String str2) throws Exception {
                                chooseTrustManager.checkServerTrusted(x509CertificateArr3, str2);
                            }
                        });
                    }
                } catch (Exception e3) {
                    throw new SSLException("unable to setup trustmanager", e3);
                }
            }
            this.sessionContext = new OpenSslClientSessionContext(this.ctx);
            if (1 == 0) {
                destroy();
            }
        } catch (Throwable th2) {
            if (0 == 0) {
                destroy();
            }
            throw th2;
        }
    }

    @Override // io.netty.handler.ssl.OpenSslContext, io.netty.handler.ssl.SslContext
    public OpenSslSessionContext sessionContext() {
        return this.sessionContext;
    }
}
