package io.grpc.netty.shaded.io.netty.handler.ssl;

import io.grpc.netty.shaded.io.netty.buffer.ByteBufAllocator;
import io.grpc.netty.shaded.io.netty.handler.ssl.ReferenceCountedOpenSslContext;
import io.grpc.netty.shaded.io.netty.internal.tcnative.CertificateCallback;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SSLContext;
import io.grpc.netty.shaded.io.netty.internal.tcnative.SniHostNameMatcher;
import io.grpc.netty.shaded.io.netty.util.internal.EmptyArrays;
import io.grpc.netty.shaded.io.netty.util.internal.PlatformDependent;
import io.grpc.netty.shaded.io.netty.util.internal.SuppressJava6Requirement;
import io.grpc.netty.shaded.io.netty.util.internal.SystemPropertyUtil;
import io.grpc.netty.shaded.io.netty.util.internal.logging.InternalLogger;
import io.grpc.netty.shaded.io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.concurrent.locks.Lock;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
public final class ReferenceCountedOpenSslServerContext extends ReferenceCountedOpenSslContext {
    public static final InternalLogger w = InternalLoggerFactory.b(ReferenceCountedOpenSslServerContext.class.getName());

    /* renamed from: x, reason: collision with root package name */
    public static final byte[] f32492x = {110, 101, 116, 116, 121};

    /* renamed from: y, reason: collision with root package name */
    public static final boolean f32493y = SystemPropertyUtil.c("jdk.tls.server.enableSessionTicketExtension", false);

    /* renamed from: v, reason: collision with root package name */
    public final OpenSslServerSessionContext f32494v;

    @SuppressJava6Requirement
    /* loaded from: classes5.dex */
    public static final class ExtendedTrustManagerVerifyCallback extends ReferenceCountedOpenSslContext.AbstractCertificateVerifier {
        public ExtendedTrustManagerVerifyCallback(ReferenceCountedOpenSslContext.DefaultOpenSslEngineMap defaultOpenSslEngineMap, X509ExtendedTrustManager x509ExtendedTrustManager) {
            super(defaultOpenSslEngineMap);
            int i2 = OpenSslTlsv13X509ExtendedTrustManager.b;
            if (SslProvider.a(SslProvider.JDK) || !SslProvider.a(SslProvider.OPENSSL)) {
                return;
            }
            new OpenSslTlsv13X509ExtendedTrustManager(x509ExtendedTrustManager);
        }
    }

    /* loaded from: classes5.dex */
    public static final class OpenSslServerCertificateCallback implements CertificateCallback {

        /* renamed from: a, reason: collision with root package name */
        public final OpenSslEngineMap f32495a;

        public OpenSslServerCertificateCallback(ReferenceCountedOpenSslContext.DefaultOpenSslEngineMap defaultOpenSslEngineMap, OpenSslKeyMaterialManager openSslKeyMaterialManager) {
            this.f32495a = defaultOpenSslEngineMap;
        }
    }

    /* loaded from: classes5.dex */
    public static final class OpenSslSniHostnameMatcher implements SniHostNameMatcher {

        /* renamed from: a, reason: collision with root package name */
        public final OpenSslEngineMap f32496a;

        public OpenSslSniHostnameMatcher(ReferenceCountedOpenSslContext.DefaultOpenSslEngineMap defaultOpenSslEngineMap) {
            this.f32496a = defaultOpenSslEngineMap;
        }
    }

    /* loaded from: classes5.dex */
    public static final class TrustManagerVerifyCallback extends ReferenceCountedOpenSslContext.AbstractCertificateVerifier {
        public TrustManagerVerifyCallback(ReferenceCountedOpenSslContext.DefaultOpenSslEngineMap defaultOpenSslEngineMap, X509TrustManager x509TrustManager) {
            super(defaultOpenSslEngineMap);
        }
    }

    public ReferenceCountedOpenSslServerContext(Iterable iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, String[] strArr, String str) {
        super(iterable, cipherSuiteFilter, ReferenceCountedOpenSslContext.C(applicationProtocolConfig), 1, strArr, true);
        try {
            OpenSslServerSessionContext D = D(this, this.c, this.f32450m, str);
            this.f32494v = D;
            if (f32493y) {
                D.a(new OpenSslSessionTicketKey[0]);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    public static OpenSslServerSessionContext D(ReferenceCountedOpenSslContext referenceCountedOpenSslContext, long j2, ReferenceCountedOpenSslContext.DefaultOpenSslEngineMap defaultOpenSslEngineMap, String str) {
        OpenSslKeyMaterialProvider openSslKeyMaterialProvider;
        try {
            try {
                SSLContext.setVerify(j2, 0, 10);
                if (!OpenSsl.f32400g) {
                    throw new NullPointerException("keyCertChain");
                }
                char[] cArr = EmptyArrays.b;
                KeyStore b = SslContext.b(cArr, str);
                KeyManagerFactory openSslX509KeyManagerFactory = b.aliases().hasMoreElements() ? new OpenSslX509KeyManagerFactory() : new OpenSslCachingX509KeyManagerFactory(KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()), 0);
                openSslX509KeyManagerFactory.init(b, cArr);
                openSslKeyMaterialProvider = ReferenceCountedOpenSslContext.t(openSslX509KeyManagerFactory);
                try {
                    try {
                        SSLContext.setCertificateCallback(j2, new OpenSslServerCertificateCallback(defaultOpenSslEngineMap, new OpenSslKeyMaterialManager(openSslKeyMaterialProvider)));
                        try {
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                            trustManagerFactory.init((KeyStore) null);
                            X509TrustManager l2 = ReferenceCountedOpenSslContext.l(trustManagerFactory.getTrustManagers());
                            E(j2, defaultOpenSslEngineMap, l2);
                            X509Certificate[] acceptedIssuers = l2.getAcceptedIssuers();
                            if (acceptedIssuers != null && acceptedIssuers.length > 0) {
                                long j3 = 0;
                                try {
                                    j3 = ReferenceCountedOpenSslContext.x(ByteBufAllocator.f30788a, acceptedIssuers);
                                    if (!SSLContext.setCACertificateBio(j2, j3)) {
                                        throw new SSLException("unable to setup accepted issuers for trustmanager " + l2);
                                    }
                                } finally {
                                    ReferenceCountedOpenSslContext.n(j3);
                                }
                            }
                            if (PlatformDependent.K() >= 8) {
                                SSLContext.setSniHostnameMatcher(j2, new OpenSslSniHostnameMatcher(defaultOpenSslEngineMap));
                            }
                            OpenSslServerSessionContext openSslServerSessionContext = new OpenSslServerSessionContext(referenceCountedOpenSslContext, openSslKeyMaterialProvider);
                            byte[] bArr = f32492x;
                            Lock writeLock = referenceCountedOpenSslContext.n.writeLock();
                            writeLock.lock();
                            try {
                                SSLContext.setSessionIdContext(referenceCountedOpenSslContext.c, bArr);
                                return openSslServerSessionContext;
                            } finally {
                                writeLock.unlock();
                            }
                        } catch (SSLException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            throw new SSLException("unable to setup trustmanager", e3);
                        }
                    } catch (Exception e4) {
                        e = e4;
                        throw new SSLException("failed to set certificate and key", e);
                    }
                } catch (Throwable th) {
                    th = th;
                    if (openSslKeyMaterialProvider != null) {
                        openSslKeyMaterialProvider.b();
                    }
                    throw th;
                }
            } catch (Exception e5) {
                e = e5;
            }
        } catch (Throwable th2) {
            th = th2;
            openSslKeyMaterialProvider = null;
        }
    }

    public static void E(long j2, ReferenceCountedOpenSslContext.DefaultOpenSslEngineMap defaultOpenSslEngineMap, X509TrustManager x509TrustManager) {
        SSLContext.setCertVerifyCallback(j2, PlatformDependent.K() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager) ? new ExtendedTrustManagerVerifyCallback(defaultOpenSslEngineMap, (X509ExtendedTrustManager) x509TrustManager) : new TrustManagerVerifyCallback(defaultOpenSslEngineMap, x509TrustManager));
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.ReferenceCountedOpenSslContext
    public final OpenSslSessionContext v() {
        return this.f32494v;
    }
}
