package io.netty.handler.ssl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.internal.tcnative.CertificateCallback;
import io.netty.internal.tcnative.SSLContext;
import io.netty.internal.tcnative.SniHostNameMatcher;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes4.dex */
public final class ReferenceCountedOpenSslServerContext extends ReferenceCountedOpenSslContext {

    /* renamed from: l1, reason: collision with root package name */
    public static final InternalLogger f5075l1 = InternalLoggerFactory.getInstance((Class<?>) ReferenceCountedOpenSslServerContext.class);

    /* renamed from: m1, reason: collision with root package name */
    public static final byte[] f5076m1 = {110, 101, 116, 116, 121};

    /* renamed from: k1, reason: collision with root package name */
    public final OpenSslServerSessionContext f5077k1;

    public ReferenceCountedOpenSslServerContext(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, long j10, long j11, ClientAuth clientAuth, String[] strArr, boolean z10, boolean z11, String str2, Map.Entry... entryArr) {
        super(iterable, cipherSuiteFilter, ReferenceCountedOpenSslContext.E(applicationProtocolConfig), 1, x509CertificateArr2, clientAuth, strArr, z10, z11, true, entryArr);
        try {
            OpenSslServerSessionContext G = G(this, this.f5046y, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, str2, j10, j11);
            this.f5077k1 = G;
            if (ReferenceCountedOpenSslContext.f5041f1) {
                G.setTicketKeys(new OpenSslSessionTicketKey[0]);
            }
        } catch (Throwable th2) {
            release();
            throw th2;
        }
    }

    /* JADX WARN: Type inference failed for: r2v11, types: [java.lang.Object, io.netty.internal.tcnative.SniHostNameMatcher] */
    /* JADX WARN: Type inference failed for: r5v3, types: [java.lang.Object, io.netty.internal.tcnative.CertificateCallback] */
    public static OpenSslServerSessionContext G(ReferenceCountedOpenSslContext referenceCountedOpenSslContext, long j10, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, String str2, long j11, long j12) {
        KeyManagerFactory keyManagerFactory2;
        h1 z10;
        TrustManagerFactory trustManagerFactory2;
        long D;
        h1 h1Var = null;
        try {
            try {
                SSLContext.setVerify(j10, 0, 10);
                if (OpenSsl.l()) {
                    if (keyManagerFactory == null) {
                        char[] e = SslContext.e(str);
                        KeyStore a = SslContext.a(x509CertificateArr2, privateKey, e, str2);
                        keyManagerFactory2 = a.aliases().hasMoreElements() ? new OpenSslX509KeyManagerFactory() : new OpenSslCachingX509KeyManagerFactory(KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()));
                        keyManagerFactory2.init(a, e);
                    } else {
                        keyManagerFactory2 = keyManagerFactory;
                    }
                    z10 = ReferenceCountedOpenSslContext.z(keyManagerFactory2, str);
                    try {
                        try {
                            SSLContext.setCertificateCallback(j10, (CertificateCallback) new Object());
                        } catch (Exception e10) {
                            e = e10;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    } catch (Throwable th2) {
                        th = th2;
                        h1Var = z10;
                        if (h1Var != null) {
                            h1Var.b();
                        }
                        throw th;
                    }
                } else {
                    if (keyManagerFactory != null) {
                        throw new IllegalArgumentException("KeyManagerFactory not supported");
                    }
                    ObjectUtil.checkNotNull(x509CertificateArr2, "keyCertChain");
                    ReferenceCountedOpenSslContext.A(j10, x509CertificateArr2, privateKey, str);
                    z10 = null;
                }
                try {
                    if (x509CertificateArr != null) {
                        trustManagerFactory2 = SslContext.b(x509CertificateArr, trustManagerFactory, str2);
                    } else if (trustManagerFactory == null) {
                        trustManagerFactory2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory2.init((KeyStore) null);
                    } else {
                        trustManagerFactory2 = trustManagerFactory;
                    }
                    X509TrustManager t10 = ReferenceCountedOpenSslContext.t(trustManagerFactory2.getTrustManagers());
                    H(j10, t10);
                    X509Certificate[] acceptedIssuers = t10.getAcceptedIssuers();
                    long j13 = 0;
                    if (acceptedIssuers != null && acceptedIssuers.length > 0) {
                        try {
                            D = ReferenceCountedOpenSslContext.D(ByteBufAllocator.DEFAULT, acceptedIssuers);
                        } catch (Throwable th3) {
                            th = th3;
                        }
                        try {
                            if (!SSLContext.setCACertificateBio(j10, D)) {
                                throw new SSLException("unable to setup accepted issuers for trustmanager " + t10);
                            }
                            ReferenceCountedOpenSslContext.w(D);
                        } catch (Throwable th4) {
                            th = th4;
                            j13 = D;
                            ReferenceCountedOpenSslContext.w(j13);
                            throw th;
                        }
                    }
                    if (PlatformDependent.javaVersion() >= 8) {
                        SSLContext.setSniHostnameMatcher(j10, (SniHostNameMatcher) new Object());
                    }
                    OpenSslServerSessionContext openSslServerSessionContext = new OpenSslServerSessionContext(referenceCountedOpenSslContext, z10);
                    openSslServerSessionContext.setSessionIdContext(f5076m1);
                    openSslServerSessionContext.setSessionCacheEnabled(ReferenceCountedOpenSslContext.f5043h1);
                    if (j11 > 0) {
                        openSslServerSessionContext.setSessionCacheSize((int) Math.min(j11, 2147483647L));
                    }
                    if (j12 > 0) {
                        openSslServerSessionContext.setSessionTimeout((int) Math.min(j12, 2147483647L));
                    }
                    return openSslServerSessionContext;
                } catch (SSLException e11) {
                    throw e11;
                } catch (Exception e12) {
                    throw new SSLException("unable to setup trustmanager", e12);
                }
            } catch (Exception e13) {
                e = e13;
            }
        } catch (Throwable th5) {
            th = th5;
        }
    }

    public static void H(long j10, X509TrustManager x509TrustManager) {
        if (!ReferenceCountedOpenSslContext.F(x509TrustManager)) {
            SSLContext.setCertVerifyCallback(j10, new h2());
        } else {
            SSLContext.setCertVerifyCallback(j10, new h2());
        }
    }

    @Override // io.netty.handler.ssl.ReferenceCountedOpenSslContext, io.netty.handler.ssl.SslContext
    public OpenSslServerSessionContext sessionContext() {
        return this.f5077k1;
    }
}
