package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.ReferenceCounted;
import io.netty.util.internal.NativeLibraryLoader;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;
import org.apache.commons.codec.language.bm.Rule;
import org.apache.tomcat.Apr;
import org.apache.tomcat.jni.Buffer;
import org.apache.tomcat.jni.Library;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/bundled-dependencies/netty-handler-4.1.48.Final.jar:io/netty/handler/ssl/OpenSsl.class
 */
/* loaded from: input_file:META-INF/bundled-dependencies/netty-all-4.1.6.Final.jar:io/netty/handler/ssl/OpenSsl.class */
public final class OpenSsl {
    private static final InternalLogger logger;
    private static final String LINUX = "linux";
    private static final String UNKNOWN = "unknown";
    private static final Throwable UNAVAILABILITY_CAUSE;
    static final Set<String> AVAILABLE_CIPHER_SUITES;
    private static final Set<String> AVAILABLE_OPENSSL_CIPHER_SUITES;
    private static final Set<String> AVAILABLE_JAVA_CIPHER_SUITES;
    private static final boolean SUPPORTS_KEYMANAGER_FACTORY;
    private static final boolean USE_KEYMANAGER_FACTORY;
    static final String PROTOCOL_SSL_V2_HELLO = "SSLv2Hello";
    static final String PROTOCOL_SSL_V2 = "SSLv2";
    static final String PROTOCOL_SSL_V3 = "SSLv3";
    static final String PROTOCOL_TLS_V1 = "TLSv1";
    static final String PROTOCOL_TLS_V1_1 = "TLSv1.1";
    static final String PROTOCOL_TLS_V1_2 = "TLSv1.2";
    private static final String[] SUPPORTED_PROTOCOLS;
    static final Set<String> SUPPORTED_PROTOCOLS_SET;
    static final /* synthetic */ boolean $assertionsDisabled;

    private static boolean isNettyTcnative() {
        return ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: io.netty.handler.ssl.OpenSsl.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Boolean run() {
                InputStream inputStream = null;
                try {
                    try {
                        inputStream = Apr.class.getResourceAsStream("/org/apache/tomcat/apr.properties");
                        Properties properties = new Properties();
                        properties.load(inputStream);
                        String property = properties.getProperty("tcn.info");
                        Boolean valueOf = Boolean.valueOf(property != null && property.startsWith("netty-tcnative"));
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (IOException e) {
                            }
                        }
                        return valueOf;
                    } catch (Throwable th) {
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (IOException e2) {
                            }
                        }
                        return false;
                    }
                } catch (Throwable th2) {
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e3) {
                        }
                    }
                    throw th2;
                }
            }
        })).booleanValue();
    }

    public static boolean isAvailable() {
        return UNAVAILABILITY_CAUSE == null;
    }

    public static boolean isAlpnSupported() {
        return ((long) version()) >= 268443648;
    }

    public static int version() {
        if (isAvailable()) {
            return SSL.version();
        }
        return -1;
    }

    public static String versionString() {
        if (isAvailable()) {
            return SSL.versionString();
        }
        return null;
    }

    public static void ensureAvailability() {
        if (UNAVAILABILITY_CAUSE != null) {
            throw ((Error) new UnsatisfiedLinkError("failed to load the required native library").initCause(UNAVAILABILITY_CAUSE));
        }
    }

    public static Throwable unavailabilityCause() {
        return UNAVAILABILITY_CAUSE;
    }

    @Deprecated
    public static Set<String> availableCipherSuites() {
        return availableOpenSslCipherSuites();
    }

    public static Set<String> availableOpenSslCipherSuites() {
        return AVAILABLE_OPENSSL_CIPHER_SUITES;
    }

    public static Set<String> availableJavaCipherSuites() {
        return AVAILABLE_JAVA_CIPHER_SUITES;
    }

    public static boolean isCipherSuiteAvailable(String str) {
        String openSsl = CipherSuiteConverter.toOpenSsl(str);
        if (openSsl != null) {
            str = openSsl;
        }
        return AVAILABLE_OPENSSL_CIPHER_SUITES.contains(str);
    }

    public static boolean supportsKeyManagerFactory() {
        return SUPPORTS_KEYMANAGER_FACTORY;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean useKeyManagerFactory() {
        return USE_KEYMANAGER_FACTORY;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isError(long j) {
        return j != 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long memoryAddress(ByteBuf byteBuf) {
        if ($assertionsDisabled || byteBuf.isDirect()) {
            return byteBuf.hasMemoryAddress() ? byteBuf.memoryAddress() : Buffer.address(byteBuf.nioBuffer());
        }
        throw new AssertionError();
    }

    private OpenSsl() {
    }

    private static void loadTcNative() throws Exception {
        String normalizeOs = normalizeOs(SystemPropertyUtil.get("os.name", ""));
        String normalizeArch = normalizeArch(SystemPropertyUtil.get("os.arch", ""));
        LinkedHashSet linkedHashSet = new LinkedHashSet(3);
        linkedHashSet.add("netty-tcnative-" + normalizeOs + '-' + normalizeArch);
        if (LINUX.equalsIgnoreCase(normalizeOs)) {
            linkedHashSet.add("netty-tcnative-" + normalizeOs + '-' + normalizeArch + "-fedora");
        }
        linkedHashSet.add("netty-tcnative");
        NativeLibraryLoader.loadFirstAvailable(SSL.class.getClassLoader(), (String[]) linkedHashSet.toArray(new String[linkedHashSet.size()]));
    }

    private static void initializeTcNative() throws Exception {
        Library.initialize("provided");
        SSL.initialize((String) null);
    }

    private static String normalizeOs(String str) {
        String normalize = normalize(str);
        return normalize.startsWith("aix") ? "aix" : normalize.startsWith("hpux") ? "hpux" : (!normalize.startsWith("os400") || (normalize.length() > 5 && Character.isDigit(normalize.charAt(5)))) ? normalize.startsWith(LINUX) ? LINUX : (normalize.startsWith("macosx") || normalize.startsWith("osx")) ? "osx" : normalize.startsWith("freebsd") ? "freebsd" : normalize.startsWith("openbsd") ? "openbsd" : normalize.startsWith("netbsd") ? "netbsd" : (normalize.startsWith("solaris") || normalize.startsWith("sunos")) ? "sunos" : normalize.startsWith("windows") ? "windows" : "unknown" : "os400";
    }

    private static String normalizeArch(String str) {
        String normalize = normalize(str);
        return normalize.matches("^(x8664|amd64|ia32e|em64t|x64)$") ? "x86_64" : normalize.matches("^(x8632|x86|i[3-6]86|ia32|x32)$") ? "x86_32" : normalize.matches("^(ia64|itanium64)$") ? "itanium_64" : normalize.matches("^(sparc|sparc32)$") ? "sparc_32" : normalize.matches("^(sparcv9|sparc64)$") ? "sparc_64" : normalize.matches("^(arm|arm32)$") ? "arm_32" : "aarch64".equals(normalize) ? "aarch_64" : normalize.matches("^(ppc|ppc32)$") ? "ppc_32" : "ppc64".equals(normalize) ? "ppc_64" : "ppc64le".equals(normalize) ? "ppcle_64" : "s390".equals(normalize) ? "s390_32" : "s390x".equals(normalize) ? "s390_64" : "unknown";
    }

    private static String normalize(String str) {
        return str.toLowerCase(Locale.US).replaceAll("[^a-z0-9]+", "");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void releaseIfNeeded(ReferenceCounted referenceCounted) {
        if (referenceCounted.refCnt() > 0) {
            ReferenceCountUtil.safeRelease(referenceCounted);
        }
    }

    /* JADX WARN: Finally extract failed */
    static {
        long make;
        long j;
        $assertionsDisabled = !OpenSsl.class.desiredAssertionStatus();
        logger = InternalLoggerFactory.getInstance((Class<?>) OpenSsl.class);
        SUPPORTED_PROTOCOLS = new String[]{PROTOCOL_SSL_V2_HELLO, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1, "TLSv1.2"};
        SUPPORTED_PROTOCOLS_SET = Collections.unmodifiableSet(new HashSet(Arrays.asList(SUPPORTED_PROTOCOLS)));
        Throwable th = null;
        try {
            Class.forName("org.apache.tomcat.jni.SSL", false, OpenSsl.class.getClassLoader());
        } catch (ClassNotFoundException e) {
            th = e;
            logger.debug("netty-tcnative not in the classpath; " + OpenSslEngine.class.getSimpleName() + " will be unavailable.");
        }
        if (th == null) {
            try {
                loadTcNative();
            } catch (Throwable th2) {
                th = th2;
                logger.debug("Failed to load netty-tcnative; " + OpenSslEngine.class.getSimpleName() + " will be unavailable, unless the application has already loaded the symbols by some other means. See http://netty.io/wiki/forked-tomcat-native.html for more information.", th2);
            }
            try {
                initializeTcNative();
                th = null;
            } catch (Throwable th3) {
                if (th == null) {
                    th = th3;
                }
                logger.debug("Failed to initialize netty-tcnative; " + OpenSslEngine.class.getSimpleName() + " will be unavailable. See http://netty.io/wiki/forked-tomcat-native.html for more information.", th3);
            }
        }
        if (th == null && !isNettyTcnative()) {
            logger.debug("incompatible tcnative in the classpath; " + OpenSslEngine.class.getSimpleName() + " will be unavailable.");
            th = new ClassNotFoundException("incompatible tcnative in the classpath");
        }
        UNAVAILABILITY_CAUSE = th;
        if (th != null) {
            AVAILABLE_OPENSSL_CIPHER_SUITES = Collections.emptySet();
            AVAILABLE_JAVA_CIPHER_SUITES = Collections.emptySet();
            AVAILABLE_CIPHER_SUITES = Collections.emptySet();
            SUPPORTS_KEYMANAGER_FACTORY = false;
            USE_KEYMANAGER_FACTORY = false;
            return;
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet(128);
        boolean z = false;
        boolean z2 = false;
        long create = Pool.create(0L);
        try {
            try {
                make = SSLContext.make(create, 31, 1);
                j = 0;
            } catch (Exception e2) {
                logger.warn("Failed to get the list of available OpenSSL cipher suites.", (Throwable) e2);
                Pool.destroy(create);
            }
            try {
                SSLContext.setOptions(make, 4095);
                SSLContext.setCipherSuite(make, Rule.ALL);
                long newSSL = SSL.newSSL(make, true);
                try {
                    for (String str : SSL.getCiphers(newSSL)) {
                        if (str != null && str.length() != 0 && !linkedHashSet.contains(str)) {
                            linkedHashSet.add(str);
                        }
                    }
                    try {
                        j = OpenSslContext.toBIO(new SelfSignedCertificate().cert());
                        SSL.setCertificateChainBio(newSSL, j, false);
                        z = true;
                        z2 = ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: io.netty.handler.ssl.OpenSsl.1
                            /* JADX WARN: Can't rename method to resolve collision */
                            @Override // java.security.PrivilegedAction
                            public Boolean run() {
                                return Boolean.valueOf(SystemPropertyUtil.getBoolean("io.netty.handler.ssl.openssl.useKeyManagerFactory", true));
                            }
                        })).booleanValue();
                    } catch (Throwable th4) {
                        logger.debug("KeyManagerFactory not supported.");
                    }
                    SSL.freeSSL(newSSL);
                    if (0 != 0) {
                        SSL.freeBIO(0L);
                    }
                    if (j != 0) {
                        SSL.freeBIO(j);
                    }
                    SSLContext.free(make);
                    Pool.destroy(create);
                    AVAILABLE_OPENSSL_CIPHER_SUITES = Collections.unmodifiableSet(linkedHashSet);
                    LinkedHashSet linkedHashSet2 = new LinkedHashSet(AVAILABLE_OPENSSL_CIPHER_SUITES.size() * 2);
                    for (String str2 : AVAILABLE_OPENSSL_CIPHER_SUITES) {
                        linkedHashSet2.add(CipherSuiteConverter.toJava(str2, "TLS"));
                        linkedHashSet2.add(CipherSuiteConverter.toJava(str2, ch.qos.logback.core.net.ssl.SSL.DEFAULT_PROTOCOL));
                    }
                    AVAILABLE_JAVA_CIPHER_SUITES = Collections.unmodifiableSet(linkedHashSet2);
                    LinkedHashSet linkedHashSet3 = new LinkedHashSet(AVAILABLE_OPENSSL_CIPHER_SUITES.size() + AVAILABLE_JAVA_CIPHER_SUITES.size());
                    Iterator<String> it = AVAILABLE_OPENSSL_CIPHER_SUITES.iterator();
                    while (it.hasNext()) {
                        linkedHashSet3.add(it.next());
                    }
                    Iterator<String> it2 = AVAILABLE_JAVA_CIPHER_SUITES.iterator();
                    while (it2.hasNext()) {
                        linkedHashSet3.add(it2.next());
                    }
                    AVAILABLE_CIPHER_SUITES = linkedHashSet3;
                    SUPPORTS_KEYMANAGER_FACTORY = z;
                    USE_KEYMANAGER_FACTORY = z2;
                } catch (Throwable th5) {
                    SSL.freeSSL(newSSL);
                    if (0 != 0) {
                        SSL.freeBIO(0L);
                    }
                    if (j != 0) {
                        SSL.freeBIO(j);
                    }
                    throw th5;
                }
            } catch (Throwable th6) {
                SSLContext.free(make);
                throw th6;
            }
        } catch (Throwable th7) {
            Pool.destroy(create);
            throw th7;
        }
    }
}
