package io.netty.handler.ssl;

import io.netty.handler.ssl.k1;
import io.netty.internal.tcnative.SSLContext;
import io.netty.internal.tcnative.SniHostNameMatcher;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* compiled from: ReferenceCountedOpenSslServerContext.java */
/* loaded from: classes13.dex */
public final class r1 extends k1 {
    private static final io.netty.util.internal.logging.f B = io.netty.util.internal.logging.g.b(r1.class);
    private static final byte[] C = {110, 101, 116, 116, 121};
    private final v0 A;

    /* renamed from: z, reason: collision with root package name */
    private final y0 f75362z;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes13.dex */
    public static final class a extends k1.g {

        /* renamed from: b, reason: collision with root package name */
        private final X509ExtendedTrustManager f75363b;

        a(s0 s0Var, X509ExtendedTrustManager x509ExtendedTrustManager) {
            super(s0Var);
            this.f75363b = x509ExtendedTrustManager;
        }

        @Override // io.netty.handler.ssl.k1.g
        void b(q1 q1Var, X509Certificate[] x509CertificateArr, String str) throws Exception {
            this.f75363b.checkClientTrusted(x509CertificateArr, str, q1Var);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes13.dex */
    public static final class b implements SniHostNameMatcher {

        /* renamed from: a, reason: collision with root package name */
        private final s0 f75364a;

        b(s0 s0Var) {
            this.f75364a = s0Var;
        }

        public boolean a(long j10, String str) {
            q1 r02 = this.f75364a.r0(j10);
            if (r02 != null) {
                return r02.A(str);
            }
            r1.B.s("No ReferenceCountedOpenSslEngine found for SSL pointer: {}", Long.valueOf(j10));
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes13.dex */
    public static final class c {

        /* renamed from: a, reason: collision with root package name */
        y0 f75365a;

        /* renamed from: b, reason: collision with root package name */
        v0 f75366b;

        c() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes13.dex */
    public static final class d extends k1.g {

        /* renamed from: b, reason: collision with root package name */
        private final X509TrustManager f75367b;

        d(s0 s0Var, X509TrustManager x509TrustManager) {
            super(s0Var);
            this.f75367b = x509TrustManager;
        }

        @Override // io.netty.handler.ssl.k1.g
        void b(q1 q1Var, X509Certificate[] x509CertificateArr, String str) throws Exception {
            this.f75367b.checkClientTrusted(x509CertificateArr, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public r1(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, i iVar, io.netty.handler.ssl.c cVar, long j10, long j11, j jVar, String[] strArr, boolean z9, boolean z10) throws SSLException {
        this(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, iVar, k1.u1(cVar), j10, j11, jVar, strArr, z9, z10);
    }

    private r1(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, i iVar, m0 m0Var, long j10, long j11, j jVar, String[] strArr, boolean z9, boolean z10) throws SSLException {
        super(iterable, iVar, m0Var, j10, j11, 1, (Certificate[]) x509CertificateArr2, jVar, strArr, z9, z10, true);
        try {
            c y12 = y1(this, this.f75264c, this.f75276o, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory);
            this.f75362z = y12.f75365a;
            this.A = y12.f75366b;
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static c y1(k1 k1Var, long j10, s0 s0Var, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory) throws SSLException {
        c cVar = new c();
        try {
            SSLContext.setVerify(j10, 0, 10);
            if (l0.r()) {
                if (keyManagerFactory == null) {
                    keyManagerFactory = v1.d(x509CertificateArr2, privateKey, str, keyManagerFactory);
                }
                X509KeyManager Q0 = k1.Q0(keyManagerFactory.getKeyManagers());
                cVar.f75366b = k1.v1(Q0) ? new t0((X509ExtendedKeyManager) Q0, str) : new v0(Q0, str);
            } else {
                if (keyManagerFactory != null) {
                    throw new IllegalArgumentException("KeyManagerFactory not supported");
                }
                io.netty.util.internal.s.b(x509CertificateArr2, "keyCertChain");
                k1.h1(j10, x509CertificateArr2, privateKey, str);
            }
            try {
                if (x509CertificateArr != null) {
                    trustManagerFactory = v1.g(x509CertificateArr, trustManagerFactory);
                } else if (trustManagerFactory == null) {
                    trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init((KeyStore) null);
                }
                X509TrustManager P0 = k1.P0(trustManagerFactory.getTrustManagers());
                if (k1.w1(P0)) {
                    SSLContext.setCertVerifyCallback(j10, new a(s0Var, (X509ExtendedTrustManager) P0));
                } else {
                    SSLContext.setCertVerifyCallback(j10, new d(s0Var, P0));
                }
                X509Certificate[] acceptedIssuers = P0.getAcceptedIssuers();
                if (acceptedIssuers != null && acceptedIssuers.length > 0) {
                    long j11 = 0;
                    try {
                        j11 = k1.s1(acceptedIssuers);
                        if (!SSLContext.setCACertificateBio(j10, j11)) {
                            throw new SSLException("unable to setup accepted issuers for trustmanager " + P0);
                        }
                    } finally {
                        k1.U0(j11);
                    }
                }
                if (io.netty.util.internal.v.g0() >= 8) {
                    SSLContext.setSniHostnameMatcher(j10, new b(s0Var));
                }
                y0 y0Var = new y0(k1Var);
                cVar.f75365a = y0Var;
                y0Var.f(C);
                return cVar;
            } catch (SSLException e10) {
                throw e10;
            } catch (Exception e11) {
                throw new SSLException("unable to setup trustmanager", e11);
            }
        } catch (Exception e12) {
            throw new SSLException("failed to set certificate and key", e12);
        }
    }

    @Override // io.netty.handler.ssl.k1
    v0 Z0() {
        return this.A;
    }

    @Override // io.netty.handler.ssl.k1, io.netty.handler.ssl.v1
    /* renamed from: z1, reason: merged with bridge method [inline-methods] */
    public y0 z0() {
        return this.f75362z;
    }
}
