package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufInputStream;
import io.netty.handler.ssl.OpenSslContext;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: input_file:io/netty/handler/ssl/OpenSslClientContext.class */
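/**
 * Client-side {@link SslContext} that configures an OpenSSL context through the tomcat-jni
 * {@code SSLContext} bindings.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>OpenSSL's built-in peer verification is switched off ({@code setVerify(ctx, 0, 10)}) and
 *       chain validation is delegated to a JSSE {@link X509TrustManager} through a certificate
 *       verify callback. If that callback is not installed, nothing validates the server chain.</li>
 *   <li>No hostname (endpoint identity) check is performed here. The plain
 *       {@link X509TrustManager} path cannot perform one. The {@link X509ExtendedTrustManager}
 *       path receives the engine, so any hostname check depends on how the engine is configured
 *       elsewhere; confirm that callers enable endpoint identification.</li>
 *   <li>The supplied {@link TrustManagerFactory} is always re-initialised by
 *       {@link #initTrustManagerFactory(File, TrustManagerFactory)} with a key store that holds
 *       only the certificates read from the trust file. Without a trust file that store is empty.</li>
 *   <li>The client session context reports the session cache as disabled and ignores attempts to
 *       configure it.</li>
 * </ul>
 */
public final class OpenSslClientContext extends OpenSslContext {
    private final OpenSslSessionContext sessionContext;

    /**
     * Session context for client mode. Every setter is a no-op apart from argument validation and
     * every getter returns a fixed "disabled" value, so session caching cannot be tuned here.
     */
    private static final class OpenSslClientSessionContext extends OpenSslSessionContext {
        private OpenSslClientSessionContext(long j) {
            super(j);
        }

        /**
         * Validates the argument and otherwise does nothing; the value is not stored.
         *
         * @throws IllegalArgumentException if {@code i} is negative
         */
        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionTimeout(int i) {
            if (i < 0) {
                throw new IllegalArgumentException();
            }
        }

        /** Always returns {@code 0}. */
        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionTimeout() {
            return 0;
        }

        /**
         * Validates the argument and otherwise does nothing; the value is not stored.
         *
         * @throws IllegalArgumentException if {@code i} is negative
         */
        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionCacheSize(int i) {
            if (i < 0) {
                throw new IllegalArgumentException();
            }
        }

        /** Always returns {@code 0}. */
        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionCacheSize() {
            return 0;
        }

        /** Ignored: the flag is not stored. */
        @Override // io.netty.handler.ssl.OpenSslSessionContext
        public void setSessionCacheEnabled(boolean z) {
        }

        /** Always returns {@code false}. */
        @Override // io.netty.handler.ssl.OpenSslSessionContext
        public boolean isSessionCacheEnabled() {
            return false;
        }
    }

    /**
     * Creates a context with no trust file, no trust manager factory and no client key material.
     *
     * @throws SSLException if the context cannot be configured
     */
    public OpenSslClientContext() throws SSLException {
        this(null, null, null, null, null, null, null, IdentityCipherSuiteFilter.INSTANCE, null, 0L, 0L);
    }

    /**
     * Creates a context that trusts the certificates in the given PEM file.
     *
     * @param file trust certificate chain file, or {@code null}
     * @throws SSLException if the context cannot be configured
     */
    public OpenSslClientContext(File file) throws SSLException {
        this(file, null);
    }

    /**
     * Creates a context using the given trust manager factory.
     *
     * @param trustManagerFactory factory used to obtain the trust manager, or {@code null} for the
     *        platform default algorithm
     * @throws SSLException if the context cannot be configured
     */
    public OpenSslClientContext(TrustManagerFactory trustManagerFactory) throws SSLException {
        this(null, trustManagerFactory);
    }

    /**
     * Creates a context from a trust file and a trust manager factory, without client key material.
     *
     * @param file trust certificate chain file, or {@code null}
     * @param trustManagerFactory factory used to obtain the trust manager, or {@code null}
     * @throws SSLException if the context cannot be configured
     */
    public OpenSslClientContext(File file, TrustManagerFactory trustManagerFactory) throws SSLException {
        this(file, trustManagerFactory, null, null, null, null, null, IdentityCipherSuiteFilter.INSTANCE, null, 0L, 0L);
    }

    /**
     * Deprecated overload that forwards to the full constructor with
     * {@link IdentityCipherSuiteFilter#INSTANCE} and no client key material.
     *
     * @throws SSLException if the context cannot be configured
     */
    @Deprecated
    public OpenSslClientContext(File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        this(file, trustManagerFactory, null, null, null, null, iterable, IdentityCipherSuiteFilter.INSTANCE, applicationProtocolConfig, j, j2);
    }

    /**
     * Deprecated overload that forwards to the full constructor without client key material.
     *
     * @throws SSLException if the context cannot be configured
     */
    @Deprecated
    public OpenSslClientContext(File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        this(file, trustManagerFactory, null, null, null, null, iterable, cipherSuiteFilter, applicationProtocolConfig, j, j2);
    }

    /**
     * Creates and fully configures the client context.
     *
     * @param file trust certificate chain file ("trustCertChainFile" in the error messages), or
     *        {@code null}
     * @param trustManagerFactory factory used to obtain the trust manager; when {@code null} one is
     *        created for the default algorithm. It is re-initialised in either case.
     * @param file2 client certificate chain file ("keyCertChainFile"), or {@code null}
     * @param file3 client private key file ("keyFile"), or {@code null}; must be given together
     *        with {@code file2}
     * @param str passed to {@code SSLContext.setCertificate} with the key file (presumably the key
     *        password; confirm against the binding)
     * @param keyManagerFactory not read by this constructor
     * @param iterable forwarded to the superclass constructor
     * @param cipherSuiteFilter forwarded to the superclass constructor
     * @param applicationProtocolConfig forwarded to the superclass constructor
     * @param j forwarded to the superclass constructor
     * @param j2 forwarded to the superclass constructor
     * @throws IllegalArgumentException if a given path is not a regular file, or only one of
     *         {@code file2} / {@code file3} is given
     * @throws SSLException if OpenSSL rejects the material or the trust manager cannot be set up
     */
    public OpenSslClientContext(File file, TrustManagerFactory trustManagerFactory, File file2, File file3, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, CipherSuiteFilter cipherSuiteFilter, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        super(iterable, cipherSuiteFilter, applicationProtocolConfig, j, j2, 0);
        // The superclass has already allocated native resources. Any failure below must release
        // them, so the whole body runs under one success flag rather than only the first check.
        boolean success = false;
        try {
            if (file != null && !file.isFile()) {
                throw new IllegalArgumentException("trustCertChainFile is not a file: " + file);
            }
            if (file2 != null && !file2.isFile()) {
                throw new IllegalArgumentException("keyCertChainFile is not a file: " + file2);
            }
            if (file3 != null && !file3.isFile()) {
                throw new IllegalArgumentException("keyFile is not a file: " + file3);
            }
            if ((file3 == null && file2 != null) || (file3 != null && file2 == null)) {
                throw new IllegalArgumentException("Either both keyCertChainFile and keyFile needs to be null or none of them");
            }
            synchronized (OpenSslContext.class) {
                if (file != null) {
                    // NOTE(review): the trust file is also handed to OpenSSL as a certificate chain
                    // file; confirm this is intended for a client context.
                    if (!SSLContext.setCertificateChainFile(this.ctx, file.getPath(), true)) {
                        long lastErrorNumber = SSL.getLastErrorNumber();
                        if (OpenSsl.isError(lastErrorNumber)) {
                            throw new SSLException("failed to set certificate chain: " + file + " (" + SSL.getErrorString(lastErrorNumber) + ')');
                        }
                    }
                }
                if (file2 != null && file3 != null) {
                    try {
                        if (!SSLContext.setCertificate(this.ctx, file2.getPath(), file3.getPath(), str, 0)) {
                            long lastErrorNumber2 = SSL.getLastErrorNumber();
                            if (OpenSsl.isError(lastErrorNumber2)) {
                                throw new SSLException("failed to set certificate: " + file2 + " and " + file3 + " (" + SSL.getErrorString(lastErrorNumber2) + ')');
                            }
                        }
                    } catch (SSLException e) {
                        throw e;
                    } catch (Exception e2) {
                        throw new SSLException("failed to set certificate: " + file2 + " and " + file3, e2);
                    }
                }
                // Verify mode 0 with depth 10: OpenSSL's own peer verification is off (0 is
                // presumably the binding's "verify none" mode; confirm), so the callback
                // registered below is the only check on the server's certificate chain.
                SSLContext.setVerify(this.ctx, 0, 10);
                try {
                    if (trustManagerFactory == null) {
                        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    }
                    // Throws checked key store / certificate / I/O exceptions that this
                    // constructor does not declare, so they are wrapped here as well.
                    initTrustManagerFactory(file, trustManagerFactory);
                } catch (Exception e3) {
                    throw new SSLException("unable to setup trustmanager", e3);
                }
                final X509TrustManager chooseTrustManager = chooseTrustManager(trustManagerFactory.getTrustManagers());
                if (useExtendedTrustManager(chooseTrustManager)) {
                    final X509ExtendedTrustManager x509ExtendedTrustManager = (X509ExtendedTrustManager) chooseTrustManager;
                    SSLContext.setCertVerifyCallback(this.ctx, new OpenSslContext.AbstractCertificateVerifier() {
                        @Override // io.netty.handler.ssl.OpenSslContext.AbstractCertificateVerifier
                        void verify(OpenSslEngine openSslEngine, X509Certificate[] x509CertificateArr, String str2) throws Exception {
                            // The engine is passed on, so endpoint identification can only apply
                            // if it is configured on that engine; it is not configured here.
                            x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str2, openSslEngine);
                        }
                    });
                } else {
                    SSLContext.setCertVerifyCallback(this.ctx, new OpenSslContext.AbstractCertificateVerifier() {
                        @Override // io.netty.handler.ssl.OpenSslContext.AbstractCertificateVerifier
                        void verify(OpenSslEngine openSslEngine, X509Certificate[] x509CertificateArr, String str2) throws Exception {
                            // Chain validation only: this overload has no access to the peer host
                            // name, so hostname checking must happen elsewhere.
                            chooseTrustManager.checkServerTrusted(x509CertificateArr, str2);
                        }
                    });
                }
            }
            this.sessionContext = new OpenSslClientSessionContext(this.ctx);
            success = true;
        } finally {
            if (!success) {
                destroyPools();
            }
        }
    }

    /**
     * Initialises {@code trustManagerFactory} with a fresh in-memory JKS key store holding the
     * certificates read from {@code file}.
     *
     * <p>The factory is always re-initialised. When {@code file} is {@code null} the key store is
     * empty. NOTE(review): confirm that callers passing a pre-initialised factory without a trust
     * file expect its trust anchors to be replaced.
     *
     * @param file PEM file with trusted certificates, or {@code null}
     * @param trustManagerFactory factory to initialise
     */
    private static void initTrustManagerFactory(File file, TrustManagerFactory trustManagerFactory) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        if (file != null) {
            ByteBuf[] readCertificates = PemReader.readCertificates(file);
            try {
                for (ByteBuf byteBuf : readCertificates) {
                    X509Certificate x509Certificate = (X509Certificate) X509_CERT_FACTORY.generateCertificate(new ByteBufInputStream(byteBuf));
                    String subjectAlias = x509Certificate.getSubjectX500Principal().getName("RFC2253");
                    // setCertificateEntry overwrites an existing alias, so two trust anchors with
                    // the same subject DN would leave only the last one trusted. Disambiguate.
                    String alias = subjectAlias;
                    for (int n = 2; keyStore.containsAlias(alias); n++) {
                        alias = subjectAlias + " #" + n;
                    }
                    keyStore.setCertificateEntry(alias, x509Certificate);
                }
            } finally {
                // The buffers are released whether or not parsing succeeded.
                for (ByteBuf byteBuf2 : readCertificates) {
                    byteBuf2.release();
                }
            }
        }
        trustManagerFactory.init(keyStore);
    }

    /** Returns the client session context created by the constructor. */
    @Override // io.netty.handler.ssl.OpenSslContext, io.netty.handler.ssl.SslContext
    public OpenSslSessionContext sessionContext() {
        return this.sessionContext;
    }
}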
