package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufInputStream;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: input_file:io/netty/handler/ssl/OpenSslClientContext.class */
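/**
 * Client-side {@link SslContext} backed by OpenSSL through the tcnative JNI bindings.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>OpenSSL's own peer verification is configured with level {@code 0} and depth {@code 10}
 *       via {@code SSLContext.setVerify}; the accept/reject decision for the server chain is made
 *       by the {@link CertificateVerifier} callback, which delegates to
 *       {@link X509TrustManager#checkServerTrusted}.</li>
 *   <li>The callback validates the chain only. Nothing in this class compares the server host name
 *       with the certificate, so endpoint identification has to be enforced elsewhere (for example
 *       on the engine or handler that uses this context) - confirm that it is.</li>
 *   <li>The certificate file passed to the constructor is used twice: it is handed to OpenSSL as
 *       the local certificate chain and its certificates are loaded as the trust anchors.</li>
 * </ul>
 */
public final class OpenSslClientContext extends OpenSslContext {
    private static final InternalLogger logger = InternalLoggerFactory.getInstance(OpenSslClientContext.class);
    private final OpenSslSessionContext sessionContext;

    /**
     * Session context for client mode. The setters validate their argument and then discard it,
     * and the getters always report {@code 0} / {@code false}: session cache settings are not
     * configurable through this class.
     */
    private static final class OpenSslClientSessionContext extends OpenSslSessionContext {
        private OpenSslClientSessionContext(long context) {
            super(context);
        }

        /**
         * Validates the timeout and otherwise ignores it.
         *
         * @throws IllegalArgumentException if {@code seconds} is negative
         */
        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionTimeout(int seconds) {
            if (seconds < 0) {
                throw new IllegalArgumentException();
            }
        }

        /** Always returns {@code 0}; the value given to {@link #setSessionTimeout(int)} is not stored. */
        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionTimeout() {
            return 0;
        }

        /**
         * Validates the cache size and otherwise ignores it.
         *
         * @throws IllegalArgumentException if {@code size} is negative
         */
        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionCacheSize(int size) {
            if (size < 0) {
                throw new IllegalArgumentException();
            }
        }

        /** Always returns {@code 0}; the value given to {@link #setSessionCacheSize(int)} is not stored. */
        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionCacheSize() {
            return 0;
        }

        /** No-op: the flag is not stored. */
        @Override // io.netty.handler.ssl.OpenSslSessionContext
        public void setSessionCacheEnabled(boolean enabled) {
        }

        /** Always returns {@code false}. */
        @Override // io.netty.handler.ssl.OpenSslSessionContext
        public boolean isSessionCacheEnabled() {
            return false;
        }
    }

    /**
     * Creates a context with no certificate file and the platform-default trust manager algorithm.
     *
     * @throws SSLException if the context cannot be set up
     */
    public OpenSslClientContext() throws SSLException {
        this(null, null, null, null, 0L, 0L);
    }

    /**
     * Creates a context from a PEM certificate file and the platform-default trust manager algorithm.
     *
     * @param file certificate file, or {@code null}
     * @throws SSLException if the context cannot be set up
     */
    public OpenSslClientContext(File file) throws SSLException {
        this(file, null);
    }

    /**
     * Creates a context that uses the given trust manager factory and no certificate file.
     *
     * @param trustManagerFactory factory to use, or {@code null} for the platform default
     * @throws SSLException if the context cannot be set up
     */
    public OpenSslClientContext(TrustManagerFactory trustManagerFactory) throws SSLException {
        this(null, trustManagerFactory);
    }

    /**
     * Creates a context from a certificate file and a trust manager factory, leaving ciphers,
     * application protocol configuration and session settings at their defaults.
     *
     * @param file certificate file, or {@code null}
     * @param trustManagerFactory factory to use, or {@code null} for the platform default
     * @throws SSLException if the context cannot be set up
     */
    public OpenSslClientContext(File file, TrustManagerFactory trustManagerFactory) throws SSLException {
        this(file, trustManagerFactory, null, null, 0L, 0L);
    }

    /**
     * Creates the native context, installs the certificate chain and wires certificate
     * verification to a Java {@link X509TrustManager}.
     *
     * <p>Any failure after the superclass constructor has run releases the native pools through
     * {@code destroyPools()} before the exception propagates.
     *
     * @param certChainFile PEM file used both as the local certificate chain and as the source of
     *        trust anchors, or {@code null}
     * @param trustManagerFactory factory to (re)initialise and use, or {@code null} to obtain one
     *        for {@link TrustManagerFactory#getDefaultAlgorithm()}
     * @param ciphers passed unchanged to the {@code OpenSslContext} constructor
     * @param apn passed unchanged to the {@code OpenSslContext} constructor
     * @param sessionCacheSize passed unchanged to the {@code OpenSslContext} constructor
     *        (name restored from upstream Netty - confirm against the superclass)
     * @param sessionTimeout passed unchanged to the {@code OpenSslContext} constructor
     *        (name restored from upstream Netty - confirm against the superclass)
     * @throws IllegalArgumentException if {@code certChainFile} is non-null but not a regular file
     * @throws SSLException if the chain cannot be loaded or the trust manager cannot be set up
     */
    public OpenSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException {
        // Last argument 0: presumably the tcnative client-mode constant - confirm against OpenSslContext.
        super(ciphers, apn, sessionCacheSize, sessionTimeout, 0);
        // Tracks whether construction finished, so that every failure path below (not just the
        // file check) frees the native resources the superclass allocated.
        boolean success = false;
        try {
            if (certChainFile != null && !certChainFile.isFile()) {
                throw new IllegalArgumentException("certChainFile is not a file: " + certChainFile);
            }
            synchronized (OpenSslContext.class) {
                // Third argument is presumably tcnative's "skip first certificate" flag - TODO confirm.
                if (certChainFile != null
                        && !SSLContext.setCertificateChainFile(this.ctx, certChainFile.getPath(), true)) {
                    long error = SSL.getLastErrorNumber();
                    if (OpenSsl.isError(error)) {
                        throw new SSLException("failed to set certificate chain: " + certChainFile + " (" + SSL.getErrorString(error) + ')');
                    }
                }
                // Level 0 / depth 10. With level 0 OpenSSL itself is not asked to require a valid
                // peer certificate (presumably tcnative's "verify none" - confirm); the callback
                // installed below is what accepts or rejects the server chain.
                SSLContext.setVerify(this.ctx, 0, 10);

                TrustManagerFactory factory = trustManagerFactory;
                try {
                    if (factory == null) {
                        factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    }
                    // Declares checked KeyStore/certificate/IO exceptions; they are reported to the
                    // caller as an SSLException with the cause preserved.
                    initTrustManagerFactory(certChainFile, factory);
                } catch (Exception e) {
                    throw new SSLException("unable to setup trustmanager", e);
                }

                final X509TrustManager manager = chooseTrustManager(factory.getTrustManagers());
                SSLContext.setCertVerifyCallback(this.ctx, new CertificateVerifier() { // from class: io.netty.handler.ssl.OpenSslClientContext.1
                    public boolean verify(long ssl, byte[][] chain, String auth) {
                        try {
                            manager.checkServerTrusted(OpenSslContext.certificates(chain), auth);
                            return true;
                        } catch (Exception e) {
                            // Fail closed: any exception rejects the chain.
                            // NOTE(review): the reason is logged at DEBUG only, so rejected
                            // certificates may not show up in production logs.
                            logger.debug("verification of certificate failed", e);
                            return false;
                        }
                    }
                });
            }
            this.sessionContext = new OpenSslClientSessionContext(this.ctx);
            success = true;
        } finally {
            if (!success) {
                destroyPools();
            }
        }
    }

    /**
     * Initialises {@code trustManagerFactory} with a fresh in-memory JKS key store holding the
     * certificates read from {@code file}.
     *
     * <p>NOTE(review): the factory is always re-initialised here. When {@code file} is
     * {@code null} the key store stays empty, which appears to leave the resulting trust manager
     * without any trust anchors and to replace whatever a caller-supplied factory was initialised
     * with - verify that this is intended.
     *
     * <p>Entries are keyed by the RFC 2253 subject name, so a later certificate with the same
     * subject replaces an earlier one.
     *
     * @param file PEM file with the certificates to trust, or {@code null} for an empty store
     * @param trustManagerFactory factory to initialise
     */
    private static void initTrustManagerFactory(File file, TrustManagerFactory trustManagerFactory) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // load(null, null) creates an empty key store instead of reading one from a stream.
        keyStore.load(null, null);
        if (file != null) {
            ByteBuf[] pemCertificates = PemReader.readCertificates(file);
            try {
                for (ByteBuf pem : pemCertificates) {
                    X509Certificate certificate = (X509Certificate) X509_CERT_FACTORY.generateCertificate(new ByteBufInputStream(pem));
                    keyStore.setCertificateEntry(certificate.getSubjectX500Principal().getName("RFC2253"), certificate);
                }
            } finally {
                // Release every buffer even if parsing one of them failed.
                for (ByteBuf pem : pemCertificates) {
                    pem.release();
                }
            }
        }
        trustManagerFactory.init(keyStore);
    }

    /** Returns the client session context created in the constructor. */
    @Override // io.netty.handler.ssl.OpenSslContext, io.netty.handler.ssl.SslContext
    public OpenSslSessionContext sessionContext() {
        return this.sessionContext;
    }
}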
