package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.internal.tcnative.Buffer;
import io.netty.internal.tcnative.Library;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.ReferenceCounted;
import io.netty.util.internal.NativeLibraryLoader;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.apache.lucene.analysis.shingle.ShingleFilter;

/* loaded from: input_file:io/netty/handler/ssl/OpenSsl.class */
public final class OpenSsl {
    private static final InternalLogger logger;
    private static final Throwable UNAVAILABILITY_CAUSE;
    static final List<String> DEFAULT_CIPHERS;
    static final Set<String> AVAILABLE_CIPHER_SUITES;
    private static final Set<String> AVAILABLE_OPENSSL_CIPHER_SUITES;
    private static final Set<String> AVAILABLE_JAVA_CIPHER_SUITES;
    private static final boolean SUPPORTS_KEYMANAGER_FACTORY;
    private static final boolean SUPPORTS_HOSTNAME_VALIDATION;
    private static final boolean USE_KEYMANAGER_FACTORY;
    private static final boolean SUPPORTS_OCSP;
    static final Set<String> SUPPORTED_PROTOCOLS_SET;
    static final /* synthetic */ boolean $assertionsDisabled;

    private static boolean doesSupportOcsp() {
        boolean z = false;
        if (version() >= 268443648) {
            long j = -1;
            try {
                j = SSLContext.make(16, 1);
                SSLContext.enableOcsp(j, false);
                z = true;
                if (j != -1) {
                    SSLContext.free(j);
                }
            } catch (Exception e) {
                if (j != -1) {
                    SSLContext.free(j);
                }
            } catch (Throwable th) {
                if (j != -1) {
                    SSLContext.free(j);
                }
                throw th;
            }
        }
        return z;
    }

    private static boolean doesSupportProtocol(int i) {
        long j = -1;
        try {
            j = SSLContext.make(i, 2);
            if (j != -1) {
                SSLContext.free(j);
            }
            return true;
        } catch (Exception e) {
            if (j != -1) {
                SSLContext.free(j);
            }
            return false;
        } catch (Throwable th) {
            if (j != -1) {
                SSLContext.free(j);
            }
            throw th;
        }
    }

    public static boolean isAvailable() {
        return UNAVAILABILITY_CAUSE == null;
    }

    public static boolean isAlpnSupported() {
        return ((long) version()) >= 268443648;
    }

    public static boolean isOcspSupported() {
        return SUPPORTS_OCSP;
    }

    public static int version() {
        if (isAvailable()) {
            return SSL.version();
        }
        return -1;
    }

    public static String versionString() {
        if (isAvailable()) {
            return SSL.versionString();
        }
        return null;
    }

    public static void ensureAvailability() {
        if (UNAVAILABILITY_CAUSE != null) {
            throw ((Error) new UnsatisfiedLinkError("failed to load the required native library").initCause(UNAVAILABILITY_CAUSE));
        }
    }

    public static Throwable unavailabilityCause() {
        return UNAVAILABILITY_CAUSE;
    }

    @Deprecated
    public static Set<String> availableCipherSuites() {
        return availableOpenSslCipherSuites();
    }

    public static Set<String> availableOpenSslCipherSuites() {
        return AVAILABLE_OPENSSL_CIPHER_SUITES;
    }

    public static Set<String> availableJavaCipherSuites() {
        return AVAILABLE_JAVA_CIPHER_SUITES;
    }

    public static boolean isCipherSuiteAvailable(String str) {
        String openSsl = CipherSuiteConverter.toOpenSsl(str);
        if (openSsl != null) {
            str = openSsl;
        }
        return AVAILABLE_OPENSSL_CIPHER_SUITES.contains(str);
    }

    public static boolean supportsKeyManagerFactory() {
        return SUPPORTS_KEYMANAGER_FACTORY;
    }

    public static boolean supportsHostnameValidation() {
        return SUPPORTS_HOSTNAME_VALIDATION;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean useKeyManagerFactory() {
        return USE_KEYMANAGER_FACTORY;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long memoryAddress(ByteBuf byteBuf) {
        if ($assertionsDisabled || byteBuf.isDirect()) {
            return byteBuf.hasMemoryAddress() ? byteBuf.memoryAddress() : Buffer.address(byteBuf.nioBuffer());
        }
        throw new AssertionError();
    }

    private OpenSsl() {
    }

    private static void loadTcNative() throws Exception {
        String normalizedOs = PlatformDependent.normalizedOs();
        String normalizedArch = PlatformDependent.normalizedArch();
        LinkedHashSet linkedHashSet = new LinkedHashSet(4);
        linkedHashSet.add("netty_tcnative" + ShingleFilter.DEFAULT_FILLER_TOKEN + normalizedOs + '_' + normalizedArch);
        if ("linux".equalsIgnoreCase(normalizedOs)) {
            linkedHashSet.add("netty_tcnative" + ShingleFilter.DEFAULT_FILLER_TOKEN + normalizedOs + '_' + normalizedArch + "_fedora");
        }
        linkedHashSet.add("netty_tcnative" + ShingleFilter.DEFAULT_FILLER_TOKEN + normalizedArch);
        linkedHashSet.add("netty_tcnative");
        NativeLibraryLoader.loadFirstAvailable(SSL.class.getClassLoader(), (String[]) linkedHashSet.toArray(new String[linkedHashSet.size()]));
    }

    private static boolean initializeTcNative() throws Exception {
        return Library.initialize();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void releaseIfNeeded(ReferenceCounted referenceCounted) {
        if (referenceCounted.refCnt() > 0) {
            ReferenceCountUtil.safeRelease(referenceCounted);
        }
    }

    /* JADX WARN: Finally extract failed */
    static {
        long make;
        long j;
        SelfSignedCertificate selfSignedCertificate;
        long newSSL;
        $assertionsDisabled = !OpenSsl.class.desiredAssertionStatus();
        logger = InternalLoggerFactory.getInstance((Class<?>) OpenSsl.class);
        Throwable th = null;
        try {
            Class.forName("io.netty.internal.tcnative.SSL", false, OpenSsl.class.getClassLoader());
        } catch (ClassNotFoundException e) {
            th = e;
            logger.debug("netty-tcnative not in the classpath; " + OpenSslEngine.class.getSimpleName() + " will be unavailable.");
        }
        if (th == null) {
            try {
                loadTcNative();
            } catch (Throwable th2) {
                th = th2;
                logger.debug("Failed to load netty-tcnative; " + OpenSslEngine.class.getSimpleName() + " will be unavailable, unless the application has already loaded the symbols by some other means. See http://netty.io/wiki/forked-tomcat-native.html for more information.", th2);
            }
            try {
                initializeTcNative();
                th = null;
            } catch (Throwable th3) {
                if (th == null) {
                    th = th3;
                }
                logger.debug("Failed to initialize netty-tcnative; " + OpenSslEngine.class.getSimpleName() + " will be unavailable. See http://netty.io/wiki/forked-tomcat-native.html for more information.", th3);
            }
        }
        UNAVAILABILITY_CAUSE = th;
        if (th != null) {
            DEFAULT_CIPHERS = Collections.emptyList();
            AVAILABLE_OPENSSL_CIPHER_SUITES = Collections.emptySet();
            AVAILABLE_JAVA_CIPHER_SUITES = Collections.emptySet();
            AVAILABLE_CIPHER_SUITES = Collections.emptySet();
            SUPPORTS_KEYMANAGER_FACTORY = false;
            SUPPORTS_HOSTNAME_VALIDATION = false;
            USE_KEYMANAGER_FACTORY = false;
            SUPPORTED_PROTOCOLS_SET = Collections.emptySet();
            SUPPORTS_OCSP = false;
            return;
        }
        logger.debug("netty-tcnative using native library: {}", SSL.versionString());
        ArrayList arrayList = new ArrayList();
        LinkedHashSet linkedHashSet = new LinkedHashSet(128);
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        try {
            make = SSLContext.make(31, 1);
            j = 0;
            selfSignedCertificate = null;
            try {
                SSLContext.setCipherSuite(make, "ALL");
                newSSL = SSL.newSSL(make, true);
            } catch (Throwable th4) {
                SSLContext.free(make);
                throw th4;
            }
        } catch (Exception e2) {
            logger.warn("Failed to get the list of available OpenSSL cipher suites.", (Throwable) e2);
        }
        try {
            for (String str : SSL.getCiphers(newSSL)) {
                if (str != null && !str.isEmpty() && !linkedHashSet.contains(str)) {
                    linkedHashSet.add(str);
                }
            }
            try {
                SSL.setHostNameValidation(newSSL, 0, "netty.io");
                z3 = true;
            } catch (Throwable th5) {
                logger.debug("Hostname Verification not supported.");
            }
            try {
                selfSignedCertificate = new SelfSignedCertificate();
                j = ReferenceCountedOpenSslContext.toBIO(selfSignedCertificate.cert());
                SSL.setCertificateChainBio(newSSL, j, false);
                z = true;
                try {
                    z2 = ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: io.netty.handler.ssl.OpenSsl.1
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedAction
                        public Boolean run() {
                            return Boolean.valueOf(SystemPropertyUtil.getBoolean("io.netty.handler.ssl.openssl.useKeyManagerFactory", true));
                        }
                    })).booleanValue();
                } catch (Throwable th6) {
                    logger.debug("Failed to get useKeyManagerFactory system property.");
                }
            } catch (Throwable th7) {
                logger.debug("KeyManagerFactory not supported.");
            }
            SSL.freeSSL(newSSL);
            if (j != 0) {
                SSL.freeBIO(j);
            }
            if (selfSignedCertificate != null) {
                selfSignedCertificate.delete();
            }
            SSLContext.free(make);
            AVAILABLE_OPENSSL_CIPHER_SUITES = Collections.unmodifiableSet(linkedHashSet);
            LinkedHashSet linkedHashSet2 = new LinkedHashSet(AVAILABLE_OPENSSL_CIPHER_SUITES.size() * 2);
            for (String str2 : AVAILABLE_OPENSSL_CIPHER_SUITES) {
                linkedHashSet2.add(CipherSuiteConverter.toJava(str2, "TLS"));
                linkedHashSet2.add(CipherSuiteConverter.toJava(str2, "SSL"));
            }
            SslUtils.useFallbackCiphersIfDefaultIsEmpty(arrayList, linkedHashSet2);
            DEFAULT_CIPHERS = Collections.unmodifiableList(arrayList);
            SslUtils.addIfSupported(linkedHashSet2, arrayList, SslUtils.DEFAULT_CIPHER_SUITES);
            AVAILABLE_JAVA_CIPHER_SUITES = Collections.unmodifiableSet(linkedHashSet2);
            LinkedHashSet linkedHashSet3 = new LinkedHashSet(AVAILABLE_OPENSSL_CIPHER_SUITES.size() + AVAILABLE_JAVA_CIPHER_SUITES.size());
            linkedHashSet3.addAll(AVAILABLE_OPENSSL_CIPHER_SUITES);
            linkedHashSet3.addAll(AVAILABLE_JAVA_CIPHER_SUITES);
            AVAILABLE_CIPHER_SUITES = linkedHashSet3;
            SUPPORTS_KEYMANAGER_FACTORY = z;
            SUPPORTS_HOSTNAME_VALIDATION = z3;
            USE_KEYMANAGER_FACTORY = z2;
            LinkedHashSet linkedHashSet4 = new LinkedHashSet(6);
            linkedHashSet4.add("SSLv2Hello");
            if (doesSupportProtocol(1)) {
                linkedHashSet4.add("SSLv2");
            }
            if (doesSupportProtocol(2)) {
                linkedHashSet4.add("SSLv3");
            }
            if (doesSupportProtocol(4)) {
                linkedHashSet4.add("TLSv1");
            }
            if (doesSupportProtocol(8)) {
                linkedHashSet4.add("TLSv1.1");
            }
            if (doesSupportProtocol(16)) {
                linkedHashSet4.add("TLSv1.2");
            }
            SUPPORTED_PROTOCOLS_SET = Collections.unmodifiableSet(linkedHashSet4);
            SUPPORTS_OCSP = doesSupportOcsp();
            if (logger.isDebugEnabled()) {
                logger.debug("Supported protocols (OpenSSL): {} ", Arrays.asList(SUPPORTED_PROTOCOLS_SET));
                logger.debug("Default cipher suites (OpenSSL): {}", DEFAULT_CIPHERS);
            }
        } catch (Throwable th8) {
            SSL.freeSSL(newSSL);
            if (j != 0) {
                SSL.freeBIO(j);
            }
            if (selfSignedCertificate != null) {
                selfSignedCertificate.delete();
            }
            throw th8;
        }
    }
}
