package io.netty.incubator.codec.quic;

import io.netty.handler.ssl.OpenSslCertificateException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:essential_essential_1-3-0_fabric_1-20.jar:gg/essential/sps/quic/jvm/netty.jar:io/netty/incubator/codec/quic/BoringSSLCertificateVerifyCallback.class */
/**
 * Adapts a Java {@link X509TrustManager} to a certificate-verification hook that answers with
 * {@code BoringSSL.X509_V_*} integer codes.
 *
 * <p>The trust decision itself is delegated entirely to the supplied trust manager; this class only
 * selects which trust-manager method to call and converts a thrown exception into an error code.
 * The callers of {@link #verify(long, byte[][], String)} are not visible in this file.
 */
final class BoringSSLCertificateVerifyCallback {
    /** Set once at class initialisation: {@code true} if {@link X509ExtendedTrustManager} could be loaded. */
    private static final boolean TRY_USING_EXTENDED_TRUST_MANAGER = extendedTrustManagerAvailable();

    /** Lookup table from the {@code long} key passed to {@code verify} to its engine. */
    private final QuicheQuicSslEngineMap engineMap;

    /** Trust manager that makes the accept/reject decision; may be {@code null}, which rejects every chain. */
    private final X509TrustManager manager;

    /**
     * Stores the engine map and trust manager used by {@link #verify(long, byte[][], String)}.
     *
     * <p>The decompiler (JADX) reports that this constructor was package-private in the original class.
     *
     * @param quicheQuicSslEngineMap map used to resolve and to drop engines by key
     * @param x509TrustManager trust manager to delegate to; no null check is performed here
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public BoringSSLCertificateVerifyCallback(QuicheQuicSslEngineMap quicheQuicSslEngineMap, X509TrustManager x509TrustManager) {
        this.engineMap = quicheQuicSslEngineMap;
        this.manager = x509TrustManager;
    }

    /**
     * Asks the trust manager whether the peer's certificate chain is acceptable and returns the
     * result as an X509 verification code.
     *
     * <p>{@code BoringSSL.X509_V_OK} is returned when the trust manager call completes without
     * throwing. A missing engine, a missing trust manager, or any {@link Throwable} from the trust
     * manager yields the code chosen below; in the last two cases the engine is also removed from
     * the map.
     *
     * <p>The decompiler (JADX) reports that this method was package-private in the original class.
     *
     * @param j key under which the engine is registered in the engine map
     * @param bArr encoded certificates, converted via {@code BoringSSL.certificates}
     * @param str authentication type, forwarded unchanged to the trust manager
     * @return an X509 verification code
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public int verify(long j, byte[][] bArr, String str) {
        final QuicheQuicSslEngine engine = this.engineMap.get(j);
        if (engine == null) {
            // Nothing is registered under this key, so there is no context to validate against.
            return BoringSSL.X509_V_ERR_UNSPECIFIED;
        }
        if (this.manager == null) {
            // Without a trust manager nothing can vouch for the peer: drop the engine and report an error.
            this.engineMap.remove(j);
            return BoringSSL.X509_V_ERR_UNSPECIFIED;
        }

        // Conversion happens outside the try block, so an exception thrown here propagates to the caller.
        final X509Certificate[] chain = BoringSSL.certificates(bArr);
        try {
            // In client mode the peer is a server, so its chain is checked as a server chain.
            final boolean peerIsServer = engine.getUseClientMode();
            if (TRY_USING_EXTENDED_TRUST_MANAGER && (this.manager instanceof X509ExtendedTrustManager)) {
                // Engine-aware overloads: per the JDK contract these let the trust manager consult the
                // engine's parameters (for example endpoint identification).
                final X509ExtendedTrustManager extended = (X509ExtendedTrustManager) this.manager;
                if (peerIsServer) {
                    extended.checkServerTrusted(chain, str, engine);
                } else {
                    extended.checkClientTrusted(chain, str, engine);
                }
            } else if (peerIsServer) {
                // Plain X509TrustManager: the engine is not passed along, so any check that needs
                // connection context has to happen elsewhere.
                this.manager.checkServerTrusted(chain, str);
            } else {
                this.manager.checkClientTrusted(chain, str);
            }
            return BoringSSL.X509_V_OK;
        } catch (Throwable failure) {
            // Any Throwable counts as a rejection; the engine is dropped before the code is chosen.
            this.engineMap.remove(j);
            if (failure instanceof OpenSslCertificateException) {
                // NOTE(review): errorCode() is passed through unchanged and is not compared with
                // X509_V_OK here - confirm OpenSslCertificateException cannot carry a success code.
                return ((OpenSslCertificateException) failure).errorCode();
            }
            if (failure instanceof CertificateExpiredException) {
                return BoringSSL.X509_V_ERR_CERT_HAS_EXPIRED;
            }
            if (failure instanceof CertificateNotYetValidException) {
                return BoringSSL.X509_V_ERR_CERT_NOT_YET_VALID;
            }
            return translateToError(failure);
        }
    }

    /**
     * Maps a trust-manager failure that {@code verify} did not recognise directly to an error code.
     *
     * <p>A {@link CertificateRevokedException} maps to the revoked code. Otherwise the cause chain
     * (starting at the first cause, not at {@code th} itself) is searched for a
     * {@link CertPathValidatorException} whose reason is expired, not-yet-valid or revoked.
     * Anything else ends as {@code BoringSSL.X509_V_ERR_UNSPECIFIED}.
     *
     * @param th the failure thrown by the trust manager
     * @return the matching {@code BoringSSL.X509_V_ERR_*} code
     */
    private static int translateToError(Throwable th) {
        if (th instanceof CertificateRevokedException) {
            return BoringSSL.X509_V_ERR_CERT_REVOKED;
        }
        // The walk stops only on a match or a null cause; a cyclic cause chain would not terminate.
        for (Throwable link = th.getCause(); link != null; link = link.getCause()) {
            if (!(link instanceof CertPathValidatorException)) {
                continue;
            }
            final CertPathValidatorException.Reason why = ((CertPathValidatorException) link).getReason();
            if (why == CertPathValidatorException.BasicReason.EXPIRED) {
                return BoringSSL.X509_V_ERR_CERT_HAS_EXPIRED;
            }
            if (why == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
                return BoringSSL.X509_V_ERR_CERT_NOT_YET_VALID;
            }
            if (why == CertPathValidatorException.BasicReason.REVOKED) {
                return BoringSSL.X509_V_ERR_CERT_REVOKED;
            }
            // Other reasons are not mapped; keep looking further down the chain.
        }
        return BoringSSL.X509_V_ERR_UNSPECIFIED;
    }

    /**
     * Probes whether {@link X509ExtendedTrustManager} can be loaded.
     *
     * @return {@code true} if loading succeeded, {@code false} if any {@link Throwable} was raised
     */
    private static boolean extendedTrustManagerAvailable() {
        try {
            Class.forName(X509ExtendedTrustManager.class.getName());
            return true;
        } catch (Throwable ignored) {
            // Deliberately ignored: an unavailable class just selects the plain X509TrustManager path.
            return false;
        }
    }
}
