package io.netty.handler.ssl;

import Yf.C1608n;
import Yf.InterfaceC1606l;
import ch.qos.logback.core.joran.action.Action;
import io.netty.buffer.ByteBuf;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes5.dex */
public abstract class x0 {
    static final CertificateFactory X509_CERT_FACTORY;
    private final io.netty.util.f attributes;
    private final boolean startTls;

    /* loaded from: classes5.dex */
    public static /* synthetic */ class a {
        static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$SslProvider;

        static {
            int[] iArr = new int[D0.values().length];
            $SwitchMap$io$netty$handler$ssl$SslProvider = iArr;
            try {
                iArr[D0.JDK.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$SslProvider[D0.OPENSSL.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$SslProvider[D0.OPENSSL_REFCNT.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    static {
        try {
            X509_CERT_FACTORY = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalStateException("unable to instance X.509 CertificateFactory", e);
        }
    }

    public x0() {
        this(false);
    }

    public x0(boolean z10) {
        this.attributes = new io.netty.util.k();
        this.startTls = z10;
    }

    public static KeyManagerFactory buildKeyManagerFactory(KeyStore keyStore, String str, char[] cArr, KeyManagerFactory keyManagerFactory) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        if (keyManagerFactory == null) {
            if (str == null) {
                str = KeyManagerFactory.getDefaultAlgorithm();
            }
            keyManagerFactory = KeyManagerFactory.getInstance(str);
        }
        keyManagerFactory.init(keyStore, cArr);
        return keyManagerFactory;
    }

    public static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] x509CertificateArr, String str, PrivateKey privateKey, String str2, KeyManagerFactory keyManagerFactory, String str3) throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException, UnrecoverableKeyException {
        if (str == null) {
            str = KeyManagerFactory.getDefaultAlgorithm();
        }
        char[] keyStorePassword = keyStorePassword(str2);
        return buildKeyManagerFactory(buildKeyStore(x509CertificateArr, privateKey, keyStorePassword, str3), str, keyStorePassword, keyManagerFactory);
    }

    public static KeyStore buildKeyStore(X509Certificate[] x509CertificateArr, PrivateKey privateKey, char[] cArr, String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (str == null) {
            str = KeyStore.getDefaultType();
        }
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, null);
        keyStore.setKeyEntry(Action.KEY_ATTRIBUTE, privateKey, cArr, x509CertificateArr);
        return keyStore;
    }

    public static TrustManagerFactory buildTrustManagerFactory(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, String str) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
        if (str == null) {
            str = KeyStore.getDefaultType();
        }
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, null);
        int i = 1;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            keyStore.setCertificateEntry(Integer.toString(i), x509Certificate);
            i++;
        }
        if (trustManagerFactory == null) {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        }
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    public static D0 defaultClientProvider() {
        return defaultProvider();
    }

    private static D0 defaultProvider() {
        return I.isAvailable() ? D0.OPENSSL : D0.JDK;
    }

    public static D0 defaultServerProvider() {
        return defaultProvider();
    }

    @Deprecated
    public static PKCS8EncodedKeySpec generateKeySpec(char[] cArr, byte[] bArr) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidKeyException, InvalidAlgorithmParameterException {
        if (cArr == null) {
            return new PKCS8EncodedKeySpec(bArr);
        }
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
        String pBEAlgorithm = getPBEAlgorithm(encryptedPrivateKeyInfo);
        SecretKey generateSecret = SecretKeyFactory.getInstance(pBEAlgorithm).generateSecret(new PBEKeySpec(cArr));
        Cipher cipher = Cipher.getInstance(pBEAlgorithm);
        cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
        return encryptedPrivateKeyInfo.getKeySpec(cipher);
    }

    private static X509Certificate[] getCertificatesFromBuffers(ByteBuf[] byteBufArr) throws CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate[] x509CertificateArr = new X509Certificate[byteBufArr.length];
        int i = 0;
        for (int i10 = 0; i10 < byteBufArr.length; i10++) {
            try {
                C1608n c1608n = new C1608n(byteBufArr[i10], false);
                try {
                    x509CertificateArr[i10] = (X509Certificate) certificateFactory.generateCertificate(c1608n);
                    try {
                        c1608n.close();
                    } catch (IOException e) {
                        throw new RuntimeException(e);
                    }
                } catch (Throwable th2) {
                    try {
                        c1608n.close();
                        throw th2;
                    } catch (IOException e10) {
                        throw new RuntimeException(e10);
                    }
                }
            } finally {
                int length = byteBufArr.length;
                while (i < length) {
                    byteBufArr[i].release();
                    i++;
                }
            }
        }
        return x509CertificateArr;
    }

    private static String getPBEAlgorithm(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) {
        AlgorithmParameters algParameters = encryptedPrivateKeyInfo.getAlgParameters();
        String algName = encryptedPrivateKeyInfo.getAlgName();
        return (gg.o.javaVersion() < 8 || algParameters == null || !("1.2.840.113549.1.5.13".equals(algName) || "PBES2".equals(algName))) ? encryptedPrivateKeyInfo.getAlgName() : algParameters.toString();
    }

    private static PrivateKey getPrivateKeyFromByteBuffer(ByteBuf byteBuf, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, KeyException, IOException {
        byte[] bArr = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bArr).release();
        PKCS8EncodedKeySpec generateKeySpec = generateKeySpec(str == null ? null : str.toCharArray(), bArr);
        try {
            try {
                try {
                    return KeyFactory.getInstance("RSA").generatePrivate(generateKeySpec);
                } catch (InvalidKeySpecException unused) {
                    return KeyFactory.getInstance("DSA").generatePrivate(generateKeySpec);
                }
            } catch (InvalidKeySpecException e) {
                throw new InvalidKeySpecException("Neither RSA, DSA nor EC worked", e);
            }
        } catch (InvalidKeySpecException unused2) {
            return KeyFactory.getInstance("EC").generatePrivate(generateKeySpec);
        }
    }

    public static char[] keyStorePassword(String str) {
        return str == null ? gg.e.EMPTY_CHARS : str.toCharArray();
    }

    public static x0 newClientContextInternal(D0 d02, Provider provider, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, InterfaceC2818j interfaceC2818j, C2803a c2803a, String[] strArr, long j, long j10, boolean z10, SecureRandom secureRandom, String str2, Map.Entry<z0<?>, Object>... entryArr) throws SSLException {
        D0 defaultClientProvider = d02 == null ? defaultClientProvider() : d02;
        int i = a.$SwitchMap$io$netty$handler$ssl$SslProvider[defaultClientProvider.ordinal()];
        if (i == 1) {
            if (!z10) {
                return new C(provider, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2818j, c2803a, strArr, j, j10, secureRandom, str2);
            }
            throw new IllegalArgumentException("OCSP is not supported with this SslProvider: " + defaultClientProvider);
        }
        if (i == 2) {
            verifyNullSslContextProvider(defaultClientProvider, provider);
            I.ensureAvailability();
            return new P(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2818j, c2803a, strArr, j, j10, z10, str2, entryArr);
        }
        if (i != 3) {
            throw new Error(defaultClientProvider.toString());
        }
        verifyNullSslContextProvider(defaultClientProvider, provider);
        I.ensureAvailability();
        return new r0(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2818j, c2803a, strArr, j, j10, z10, str2, entryArr);
    }

    public static x0 newServerContextInternal(D0 d02, Provider provider, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, InterfaceC2818j interfaceC2818j, C2803a c2803a, long j, long j10, EnumC2819k enumC2819k, String[] strArr, boolean z10, boolean z11, SecureRandom secureRandom, String str2, Map.Entry<z0<?>, Object>... entryArr) throws SSLException {
        D0 defaultServerProvider = d02 == null ? defaultServerProvider() : d02;
        int i = a.$SwitchMap$io$netty$handler$ssl$SslProvider[defaultServerProvider.ordinal()];
        if (i == 1) {
            if (!z11) {
                return new F(provider, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2818j, c2803a, j, j10, enumC2819k, strArr, z10, secureRandom, str2);
            }
            throw new IllegalArgumentException("OCSP is not supported with this SslProvider: " + defaultServerProvider);
        }
        if (i == 2) {
            verifyNullSslContextProvider(defaultServerProvider, provider);
            return new C2808c0(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2818j, c2803a, j, j10, enumC2819k, strArr, z10, z11, str2, entryArr);
        }
        if (i != 3) {
            throw new Error(defaultServerProvider.toString());
        }
        verifyNullSslContextProvider(defaultServerProvider, provider);
        return new t0(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, interfaceC2818j, c2803a, j, j10, enumC2819k, strArr, z10, z11, str2, entryArr);
    }

    public static PrivateKey toPrivateKey(InputStream inputStream, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, KeyException, IOException {
        if (inputStream == null) {
            return null;
        }
        if (C2816h.isAvailable()) {
            if (!inputStream.markSupported()) {
                inputStream = new BufferedInputStream(inputStream);
            }
            inputStream.mark(1048576);
            PrivateKey privateKey = C2816h.getPrivateKey(inputStream, str);
            if (privateKey != null) {
                return privateKey;
            }
            inputStream.reset();
        }
        return getPrivateKeyFromByteBuffer(o0.readPrivateKey(inputStream), str);
    }

    public static X509Certificate[] toX509Certificates(InputStream inputStream) throws CertificateException {
        if (inputStream == null) {
            return null;
        }
        return getCertificatesFromBuffers(o0.readCertificates(inputStream));
    }

    private static void verifyNullSslContextProvider(D0 d02, Provider provider) {
        if (provider == null) {
            return;
        }
        throw new IllegalArgumentException("Java Security Provider unsupported for SslProvider: " + d02);
    }

    public abstract boolean isClient();

    public final boolean isServer() {
        return !isClient();
    }

    public abstract SSLEngine newEngine(InterfaceC1606l interfaceC1606l, String str, int i);

    public final A0 newHandler(InterfaceC1606l interfaceC1606l, String str, int i) {
        return newHandler(interfaceC1606l, str, i, this.startTls);
    }

    public A0 newHandler(InterfaceC1606l interfaceC1606l, String str, int i, boolean z10) {
        return new A0(newEngine(interfaceC1606l, str, i), z10);
    }

    public abstract SSLSessionContext sessionContext();

    public long sessionTimeout() {
        return sessionContext().getSessionTimeout();
    }
}
