package io.netty.handler.ssl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ReferenceCountedOpenSslClientContext;
import io.netty.handler.ssl.ReferenceCountedOpenSslContext;
import io.netty.internal.tcnative.SSLContext;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:io/netty/handler/ssl/SMSslClientContext.class */
public class SMSslClientContext extends OpenSslContext {
    private final OpenSslSessionContext sessionContext;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty/handler/ssl/SMSslClientContext$ExtendedTrustManagerVerifyCallback.class */
    public static final class ExtendedTrustManagerVerifyCallback extends ReferenceCountedOpenSslContext.AbstractCertificateVerifier {
        private final X509ExtendedTrustManager manager;

        ExtendedTrustManagerVerifyCallback(OpenSslEngineMap openSslEngineMap, X509ExtendedTrustManager x509ExtendedTrustManager) {
            super(openSslEngineMap);
            this.manager = x509ExtendedTrustManager;
        }

        void verify(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, X509Certificate[] x509CertificateArr, String str) throws Exception {
            this.manager.checkServerTrusted(x509CertificateArr, str, (SSLEngine) referenceCountedOpenSslEngine);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty/handler/ssl/SMSslClientContext$TrustManagerVerifyCallback.class */
    public static final class TrustManagerVerifyCallback extends ReferenceCountedOpenSslContext.AbstractCertificateVerifier {
        private final X509TrustManager manager;

        TrustManagerVerifyCallback(OpenSslEngineMap openSslEngineMap, X509TrustManager x509TrustManager) {
            super(openSslEngineMap);
            this.manager = x509TrustManager;
        }

        void verify(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, X509Certificate[] x509CertificateArr, String str) throws Exception {
            this.manager.checkServerTrusted(x509CertificateArr, str);
        }
    }

    public SMSslClientContext(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, X509Certificate[] x509CertificateArr3, PrivateKey privateKey2) throws SSLException {
        super((Iterable) null, IdentityCipherSuiteFilter.INSTANCE, (ApplicationProtocolConfig) null, 0, (Certificate[]) null, ClientAuth.REQUIRE, (String[]) null, false, false, new Map.Entry[0]);
        boolean z = false;
        try {
            this.sessionContext = newSessionContext(this, this.ctx, this.engineMap, x509CertificateArr, x509CertificateArr2, privateKey, x509CertificateArr3, privateKey2);
            z = true;
            if (1 == 0) {
                release();
            }
        } catch (Throwable th) {
            if (!z) {
                release();
            }
            throw th;
        }
    }

    /* renamed from: sessionContext, reason: merged with bridge method [inline-methods] */
    public OpenSslSessionContext m1sessionContext() {
        return this.sessionContext;
    }

    static void setKeyMaterial(long j, X509Certificate[] x509CertificateArr, PrivateKey privateKey, X509Certificate[] x509CertificateArr2, PrivateKey privateKey2) throws SSLException {
        long j2 = 0;
        long j3 = 0;
        long j4 = 0;
        long j5 = 0;
        PemEncoded pemEncoded = null;
        try {
            try {
                ByteBufAllocator byteBufAllocator = ByteBufAllocator.DEFAULT;
                PemEncoded pem = PemX509Certificate.toPEM(byteBufAllocator, true, x509CertificateArr);
                j4 = toBIO(byteBufAllocator, pem.retain());
                pem.release();
                PemEncoded pem2 = PemX509Certificate.toPEM(byteBufAllocator, true, x509CertificateArr2);
                j5 = toBIO(byteBufAllocator, pem2.retain());
                pem2.release();
                PemEncoded pem3 = PemPrivateKey.toPEM(byteBufAllocator, true, privateKey);
                j2 = toBIO(byteBufAllocator, pem3.retain());
                pem3.release();
                pemEncoded = PemPrivateKey.toPEM(byteBufAllocator, true, privateKey2);
                j3 = toBIO(byteBufAllocator, pemEncoded.retain());
                pemEncoded.release();
                SSLContext.setCipherSuite(j, "ALL", false);
                SSLContext.setCertificateExtBio(j, j4, j2, j5, j3, "");
                freeBio(j2);
                freeBio(j3);
                freeBio(j4);
                freeBio(j5);
                if (pemEncoded == null || pemEncoded.refCnt() <= 0) {
                    return;
                }
                pemEncoded.release();
            } catch (SSLException e) {
                throw e;
            } catch (Exception e2) {
                throw new SSLException("failed to set certificate and key", e2);
            }
        } catch (Throwable th) {
            freeBio(j2);
            freeBio(j3);
            freeBio(j4);
            freeBio(j5);
            if (pemEncoded != null && pemEncoded.refCnt() > 0) {
                pemEncoded.release();
            }
            throw th;
        }
    }

    static OpenSslSessionContext newSessionContext(ReferenceCountedOpenSslContext referenceCountedOpenSslContext, long j, OpenSslEngineMap openSslEngineMap, X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, X509Certificate[] x509CertificateArr3, PrivateKey privateKey2) throws SSLException {
        try {
            setKeyMaterial(j, x509CertificateArr2, privateKey, x509CertificateArr3, privateKey2);
            SSLContext.setVerify(j, 0, 10);
            try {
                X509TrustManager sMTrustManager = new SMTrustManager(x509CertificateArr);
                if (useExtendedTrustManager(sMTrustManager)) {
                    SSLContext.setCertVerifyCallback(j, new ExtendedTrustManagerVerifyCallback(openSslEngineMap, (X509ExtendedTrustManager) sMTrustManager));
                } else {
                    SSLContext.setCertVerifyCallback(j, new TrustManagerVerifyCallback(openSslEngineMap, sMTrustManager));
                }
                return new ReferenceCountedOpenSslClientContext.OpenSslClientSessionContext(referenceCountedOpenSslContext, (OpenSslKeyMaterialProvider) null);
            } catch (Exception e) {
                throw new SSLException("unable to setup TrustManager", e);
            }
        } catch (Exception e2) {
            throw new SSLException("failed to set certificate and key", e2);
        }
    }
}
