package com.facebook.nifty.ssl;

import java.io.File;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;
import org.apache.tomcat.jni.SessionTicketKey;
import org.jboss.netty.handler.ssl.OpenSslEngine;
import org.jboss.netty.handler.ssl.SslBufferPool;
import org.jboss.netty.handler.ssl.SslHandler;

/* loaded from: input_file:BOOT-INF/lib/nifty-ssl-0.21.0.jar:com/facebook/nifty/ssl/NiftyOpenSslServerContext.class */
public final class NiftyOpenSslServerContext implements SslHandlerFactory {
    private static final String IGNORABLE_ERROR_PREFIX = "error:00000000:";
    private final long aprPool;
    private final long sessionCacheSize;
    private final long sessionTimeout;
    private final List<String> nextProtocols;
    private final long ctx;
    private final List<String> ciphers = new ArrayList();
    private final List<String> unmodifiableCiphers = Collections.unmodifiableList(this.ciphers);
    private final SslBufferPool bufferPool = newBufferPool();

    /* JADX WARN: Multi-variable type inference failed */
    public NiftyOpenSslServerContext(File file, File file2, String str, Iterable<String> iterable, int i, Iterable<String> iterable2, long j, long j2) throws SSLException {
        String next;
        String next2;
        if (file == null) {
            throw new NullPointerException("certChainFile");
        }
        if (!file.isFile()) {
            throw new IllegalArgumentException("certChainFile is not a file: " + file);
        }
        if (file2 == null) {
            throw new NullPointerException("keyPath");
        }
        if (!file2.isFile()) {
            throw new IllegalArgumentException("keyPath is not a file: " + file2);
        }
        iterable = iterable == null ? SslDefaults.SERVER_DEFAULTS : iterable;
        str = str == null ? "" : str;
        iterable2 = iterable2 == null ? Collections.emptyList() : iterable2;
        Iterator<String> it = iterable.iterator();
        while (it.hasNext() && (next2 = it.next()) != null) {
            this.ciphers.add(next2);
        }
        ArrayList arrayList = new ArrayList();
        Iterator<String> it2 = iterable2.iterator();
        while (it2.hasNext() && (next = it2.next()) != null) {
            arrayList.add(next);
        }
        this.nextProtocols = Collections.unmodifiableList(arrayList);
        this.aprPool = Pool.create(0L);
        try {
            synchronized (NiftyOpenSslServerContext.class) {
                try {
                    this.ctx = SSLContext.make(this.aprPool, i, 1);
                    SSLContext.setOptions(this.ctx, 4095);
                    SSLContext.setOptions(this.ctx, 16777216);
                    SSLContext.setOptions(this.ctx, 33554432);
                    SSLContext.setOptions(this.ctx, 4194304);
                    SSLContext.setOptions(this.ctx, 524288);
                    SSLContext.setOptions(this.ctx, 1048576);
                    SSLContext.setOptions(this.ctx, 65536);
                    SSLContext.setMode(this.ctx, SSLContext.getMode(this.ctx) | 2);
                    try {
                        StringBuilder sb = new StringBuilder();
                        Iterator<String> it3 = this.ciphers.iterator();
                        while (it3.hasNext()) {
                            sb.append(it3.next());
                            sb.append(':');
                        }
                        sb.setLength(sb.length() - 1);
                        SSLContext.setCipherSuite(this.ctx, sb.toString());
                        SSLContext.setVerify(this.ctx, 0, 10);
                        try {
                            if (!SSLContext.setCertificate(this.ctx, file.getPath(), file2.getPath(), str, 0)) {
                                throw new SSLException("failed to set certificate: " + file + " and " + file2 + " (" + SSL.getLastError() + ')');
                            }
                            if (!SSLContext.setCertificateChainFile(this.ctx, file.getPath(), true) && !SSL.getLastError().startsWith(IGNORABLE_ERROR_PREFIX)) {
                                throw new SSLException("failed to set certificate chain: " + file + " (" + SSL.getLastError() + ')');
                            }
                            if (!arrayList.isEmpty()) {
                                StringBuilder sb2 = new StringBuilder();
                                Iterator it4 = arrayList.iterator();
                                while (it4.hasNext()) {
                                    sb2.append((String) it4.next());
                                    sb2.append(',');
                                }
                                sb2.setLength(sb2.length() - 1);
                                SSLContext.setNextProtos(this.ctx, sb2.toString());
                            }
                            if (this.nextProtocols != null && !this.nextProtocols.isEmpty()) {
                                SSLContext.setAlpnProtos(this.ctx, (String[]) this.nextProtocols.toArray(new String[0]), 1);
                            }
                            if (j > 0) {
                                this.sessionCacheSize = j;
                                SSLContext.setSessionCacheSize(this.ctx, j);
                            } else {
                                this.sessionCacheSize = SSLContext.setSessionCacheSize(this.ctx, 20480L);
                                SSLContext.setSessionCacheSize(this.ctx, this);
                            }
                            if (j2 > 0) {
                                this.sessionTimeout = j2;
                                SSLContext.setSessionCacheTimeout(this.ctx, j2);
                            } else {
                                this.sessionTimeout = SSLContext.setSessionCacheTimeout(this.ctx, 300L);
                                SSLContext.setSessionCacheTimeout(this.ctx, this);
                            }
                        } catch (SSLException e) {
                            throw e;
                        } catch (Exception e2) {
                            throw new SSLException("failed to set certificate: " + file + " and " + file2, e2);
                        }
                    } catch (SSLException e3) {
                        throw e3;
                    } catch (Exception e4) {
                        throw new SSLException("failed to set cipher suite: " + this.ciphers, e4);
                    }
                } catch (Exception e5) {
                    throw new SSLException("failed to create an SSL_CTX", e5);
                }
            }
            if (1 == 0) {
                destroyPools();
            }
        } catch (Throwable th) {
            if (0 == 0) {
                destroyPools();
            }
            throw th;
        }
    }

    private static SslBufferPool newBufferPool() {
        return new SslBufferPool(true, true);
    }

    public List<String> cipherSuites() {
        return this.unmodifiableCiphers;
    }

    public long sessionCacheSize() {
        return this.sessionCacheSize;
    }

    public long sessionTimeout() {
        return this.sessionTimeout;
    }

    public List<String> nextProtocols() {
        return this.nextProtocols;
    }

    public long context() {
        return this.ctx;
    }

    public SSLEngine newEngine() {
        return this.nextProtocols.isEmpty() ? new OpenSslEngine(this.ctx, this.bufferPool, null) : new OpenSslEngine(this.ctx, this.bufferPool, this.nextProtocols.get(this.nextProtocols.size() - 1));
    }

    public void setTicketKeys(SessionTicketKey[] sessionTicketKeyArr) {
        if (sessionTicketKeyArr == null) {
            throw new NullPointerException("keys");
        }
        SSLContext.setSessionTicketKeys(this.ctx, sessionTicketKeyArr);
    }

    public void setSessionIdContext(byte[] bArr) {
        SSLContext.setSessionIdContext(this.ctx, bArr);
    }

    public void setSessionCacheTimeout(long j) {
        SSLContext.setSessionCacheTimeout(this.ctx, j);
    }

    @Override // com.facebook.nifty.ssl.SslHandlerFactory
    public SslHandler newHandler() {
        BetterSslHandler betterSslHandler = new BetterSslHandler(newEngine(), this.bufferPool);
        betterSslHandler.setCloseOnSSLException(true);
        return betterSslHandler;
    }

    protected void finalize() throws Throwable {
        super.finalize();
        synchronized (NiftyOpenSslServerContext.class) {
            if (this.ctx != 0) {
                SSLContext.free(this.ctx);
            }
        }
        destroyPools();
    }

    private void destroyPools() {
        if (this.aprPool != 0) {
            Pool.destroy(this.aprPool);
        }
    }
}
