package io.netty.handler.ssl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.internal.tcnative.CertificateRequestedCallback;
import io.netty.internal.tcnative.SSL;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.net.ssl.SSLException;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/netty-handler-4.0.48.Final.jar:io/netty/handler/ssl/OpenSslKeyMaterialManager.class */
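/**
 * Loads certificate chains and private keys from an {@link X509KeyManager} into the
 * native OpenSSL state behind a {@link ReferenceCountedOpenSslEngine}.
 *
 * <p>The authentication methods that {@link SSL#authenticationMethods(long)} reports for the
 * engine's {@code SSL} handle are translated to JSSE key types through {@link #KEY_TYPES};
 * the key manager is then asked for an alias per key type.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key password is kept as an immutable {@code String} for the lifetime of this object
 *       because the native calls take a {@code String}. It cannot be zeroed after use, so it
 *       must never be logged or placed in exception messages.</li>
 *   <li>Certificates and private keys are copied into native BIOs. Every BIO and every parsed
 *       native handle has to be released on all paths (success and failure) unless ownership
 *       was explicitly handed over, otherwise native buffers holding key bytes are stranded.</li>
 *   <li>The default alias selection passes {@code null} as the socket to the key manager, so
 *       the key manager cannot base its choice on the connection. Both selection methods are
 *       {@code protected} so a subclass can use the engine instead.</li>
 * </ul>
 *
 * <p>Decompiler note: the class, its constructor and the non-private methods were
 * package-private in the original class file.
 */
public class OpenSslKeyMaterialManager {
    static final String KEY_TYPE_RSA = "RSA";
    static final String KEY_TYPE_DH_RSA = "DH_RSA";
    static final String KEY_TYPE_EC = "EC";
    static final String KEY_TYPE_EC_EC = "EC_EC";
    static final String KEY_TYPE_EC_RSA = "EC_RSA";

    /** OpenSSL authentication method name -> JSSE key type. Populated once, read-only afterwards. */
    private static final Map<String, String> KEY_TYPES = new HashMap<String, String>();

    static {
        KEY_TYPES.put(KEY_TYPE_RSA, KEY_TYPE_RSA);
        KEY_TYPES.put("DHE_RSA", KEY_TYPE_RSA);
        KEY_TYPES.put("ECDHE_RSA", KEY_TYPE_RSA);
        KEY_TYPES.put("ECDHE_ECDSA", KEY_TYPE_EC);
        KEY_TYPES.put("ECDH_RSA", KEY_TYPE_EC_RSA);
        KEY_TYPES.put("ECDH_ECDSA", KEY_TYPE_EC_EC);
        KEY_TYPES.put(KEY_TYPE_DH_RSA, KEY_TYPE_DH_RSA);
    }

    private final X509KeyManager keyManager;

    // Secret: passed to SSL.parsePrivateKey / SSL.setCertificateBio. Do not log.
    private final String password;

    /**
     * @param x509KeyManager source of aliases, certificate chains and private keys
     * @param str            password handed to the native private-key parser; stored as-is
     */
    public OpenSslKeyMaterialManager(X509KeyManager x509KeyManager, String str) {
        this.keyManager = x509KeyManager;
        this.password = str;
    }

    /**
     * Installs server-side key material on the engine's native {@code SSL} handle.
     *
     * <p>For each authentication method reported for the handle, the mapped key type is used
     * to ask for a server alias. Each distinct alias is installed once; unknown authentication
     * methods and {@code null} aliases are skipped.
     *
     * @param referenceCountedOpenSslEngine engine whose native handle receives the key material
     * @throws SSLException if loading or installing the key material fails
     */
    public void setKeyMaterial(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) throws SSLException {
        long ssl = referenceCountedOpenSslEngine.sslPointer();
        String[] authMethods = SSL.authenticationMethods(ssl);
        // Several authentication methods can resolve to the same alias; install each only once.
        HashSet<String> installedAliases = new HashSet<String>(authMethods.length);
        for (String authMethod : authMethods) {
            String keyType = KEY_TYPES.get(authMethod);
            if (keyType == null) {
                continue;
            }
            String alias = chooseServerAlias(referenceCountedOpenSslEngine, keyType);
            if (alias != null && installedAliases.add(alias)) {
                setKeyMaterial(ssl, alias);
            }
        }
    }

    /**
     * Builds the client key material answering a certificate request.
     *
     * <p>Ownership: on success the native chain and key handles travel inside the returned
     * {@code KeyMaterial} and are NOT freed here; the consumer of the callback result is
     * expected to release them. On every other path (no chain for the alias, or any failure
     * after a handle was created) all native handles created by this call are freed, so a
     * parse error such as a wrong key password does not leak the already-parsed chain.
     *
     * @param referenceCountedOpenSslEngine engine the request belongs to (used for alias selection)
     * @param strArr                        key types acceptable to the peer
     * @param x500PrincipalArr              acceptable issuers, as sent by the peer
     * @return the key material, or {@code null} if the key manager has no certificate chain
     *         for the chosen alias
     * @throws SSLException if encoding or parsing the chain or key fails; other exceptions are
     *                      wrapped with their cause preserved
     */
    public CertificateRequestedCallback.KeyMaterial keyMaterial(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, String[] strArr, X500Principal[] x500PrincipalArr) throws SSLException {
        String alias = chooseClientAlias(referenceCountedOpenSslEngine, strArr, x500PrincipalArr);
        long keyBio = 0;
        long chainBio = 0;
        long nativeKey = 0;
        long nativeChain = 0;
        try {
            X509Certificate[] chain = this.keyManager.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                return null;
            }
            PrivateKey privateKey = this.keyManager.getPrivateKey(alias);
            chainBio = ReferenceCountedOpenSslContext.toBIO(chain);
            nativeChain = SSL.parseX509Chain(chainBio);
            if (privateKey != null) {
                keyBio = ReferenceCountedOpenSslContext.toBIO(privateKey);
                nativeKey = SSL.parsePrivateKey(keyBio, this.password);
            }
            CertificateRequestedCallback.KeyMaterial material =
                    new CertificateRequestedCallback.KeyMaterial(nativeChain, nativeKey);
            // Ownership of both handles moved into `material`: clear the locals so the
            // finally block below frees nothing that the caller is about to use.
            nativeChain = 0;
            nativeKey = 0;
            return material;
        } catch (SSLException e) {
            throw e;
        } catch (Exception e) {
            throw new SSLException(e);
        } finally {
            // The BIOs are only transport buffers and are always released. The parsed
            // handles are non-zero here only when the method is failing.
            ReferenceCountedOpenSslContext.freeBio(keyBio);
            ReferenceCountedOpenSslContext.freeBio(chainBio);
            SSL.freePrivateKey(nativeKey);
            SSL.freeX509Chain(nativeChain);
        }
    }

    /**
     * Installs the certificate chain and private key of one alias on a native {@code SSL} handle.
     * Does nothing when the key manager has no certificate chain for the alias.
     *
     * @param j   native {@code SSL} handle
     * @param str key manager alias
     * @throws SSLException if encoding or installing the material fails; other exceptions are
     *                      wrapped with their cause preserved
     */
    private void setKeyMaterial(long j, String str) throws SSLException {
        long keyBio = 0;
        long certBio = 0;
        long chainBio = 0;
        try {
            X509Certificate[] chain = this.keyManager.getCertificateChain(str);
            if (chain == null || chain.length == 0) {
                return;
            }
            PrivateKey privateKey = this.keyManager.getPrivateKey(str);
            // Encode the chain once and feed the same PEM buffer to both BIOs; each toBIO call
            // is given its own retained reference.
            PemEncoded pem = PemX509Certificate.toPEM(ByteBufAllocator.DEFAULT, true, chain);
            try {
                certBio = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, pem.retain());
                chainBio = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, pem.retain());
                if (privateKey != null) {
                    keyBio = ReferenceCountedOpenSslContext.toBIO(privateKey);
                }
                SSL.setCertificateBio(j, certBio, keyBio, this.password);
                SSL.setCertificateChainBio(j, chainBio, true);
            } finally {
                pem.release();
            }
        } catch (SSLException e) {
            throw e;
        } catch (Exception e) {
            throw new SSLException(e);
        } finally {
            // Release the native buffers on failure as well as on success, so a rejected
            // key or chain does not leave BIOs holding key material allocated.
            ReferenceCountedOpenSslContext.freeBio(keyBio);
            ReferenceCountedOpenSslContext.freeBio(certBio);
            ReferenceCountedOpenSslContext.freeBio(chainBio);
        }
    }

    /**
     * Chooses the client alias. This implementation ignores the engine and passes
     * {@code null} as the socket to the key manager.
     *
     * @return the alias chosen by the key manager; whether it may be {@code null} depends on
     *         the key manager
     */
    protected String chooseClientAlias(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, String[] strArr, X500Principal[] x500PrincipalArr) {
        return this.keyManager.chooseClientAlias(strArr, x500PrincipalArr, null);
    }

    /**
     * Chooses the server alias for one key type. This implementation ignores the engine and
     * passes {@code null} for both the issuers and the socket.
     *
     * @return the alias chosen by the key manager; {@code null} is treated by
     *         {@link #setKeyMaterial(ReferenceCountedOpenSslEngine)} as "no key for this type"
     */
    protected String chooseServerAlias(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, String str) {
        return this.keyManager.chooseServerAlias(str, null, null);
    }
}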
