package io.netty.handler.ssl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.UnpooledByteBufAllocator;
import io.netty.internal.tcnative.SSL;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:essential-0cc0d4cc15a5e5612f7eb50494e29ec1.jar:gg/essential/sps/quic/jvm/netty.jar:io/netty/handler/ssl/OpenSslKeyMaterialProvider.class */
class OpenSslKeyMaterialProvider {
    private final X509KeyManager keyManager;
    private final String password;

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSslKeyMaterialProvider(X509KeyManager x509KeyManager, String str) {
        this.keyManager = x509KeyManager;
        this.password = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateKeyMaterialSupported(X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) throws SSLException {
        validateSupported(x509CertificateArr);
        validateSupported(privateKey, str);
    }

    private static void validateSupported(PrivateKey privateKey, String str) throws SSLException {
        if (privateKey == null) {
            return;
        }
        long j = 0;
        long j2 = 0;
        try {
            try {
                j = ReferenceCountedOpenSslContext.toBIO(UnpooledByteBufAllocator.DEFAULT, privateKey);
                j2 = SSL.parsePrivateKey(j, str);
                SSL.freeBIO(j);
                if (j2 != 0) {
                    SSL.freePrivateKey(j2);
                }
            } catch (Exception e) {
                throw new SSLException("PrivateKey type not supported " + privateKey.getFormat(), e);
            }
        } catch (Throwable th) {
            SSL.freeBIO(j);
            if (j2 != 0) {
                SSL.freePrivateKey(j2);
            }
            throw th;
        }
    }

    private static void validateSupported(X509Certificate[] x509CertificateArr) throws SSLException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return;
        }
        long j = 0;
        long j2 = 0;
        PemEncoded pemEncoded = null;
        try {
            try {
                pemEncoded = PemX509Certificate.toPEM(UnpooledByteBufAllocator.DEFAULT, true, x509CertificateArr);
                j = ReferenceCountedOpenSslContext.toBIO(UnpooledByteBufAllocator.DEFAULT, pemEncoded.retain());
                j2 = SSL.parseX509Chain(j);
                SSL.freeBIO(j);
                if (j2 != 0) {
                    SSL.freeX509Chain(j2);
                }
                if (pemEncoded != null) {
                    pemEncoded.release();
                }
            } catch (Exception e) {
                throw new SSLException("Certificate type not supported", e);
            }
        } catch (Throwable th) {
            SSL.freeBIO(j);
            if (j2 != 0) {
                SSL.freeX509Chain(j2);
            }
            if (pemEncoded != null) {
                pemEncoded.release();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509KeyManager keyManager() {
        return this.keyManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v58, types: [io.netty.handler.ssl.OpenSslKeyMaterial] */
    public OpenSslKeyMaterial chooseKeyMaterial(ByteBufAllocator byteBufAllocator, String str) throws Exception {
        DefaultOpenSslKeyMaterial defaultOpenSslKeyMaterial;
        X509Certificate[] certificateChain = this.keyManager.getCertificateChain(str);
        if (certificateChain == null || certificateChain.length == 0) {
            return null;
        }
        PrivateKey privateKey = this.keyManager.getPrivateKey(str);
        PemEncoded pem = PemX509Certificate.toPEM(byteBufAllocator, true, certificateChain);
        long j = 0;
        try {
            long bio = ReferenceCountedOpenSslContext.toBIO(byteBufAllocator, pem.retain());
            long parseX509Chain = SSL.parseX509Chain(bio);
            if (privateKey instanceof OpenSslPrivateKey) {
                defaultOpenSslKeyMaterial = ((OpenSslPrivateKey) privateKey).newKeyMaterial(parseX509Chain, certificateChain);
            } else {
                j = ReferenceCountedOpenSslContext.toBIO(byteBufAllocator, privateKey);
                defaultOpenSslKeyMaterial = new DefaultOpenSslKeyMaterial(parseX509Chain, privateKey == null ? 0L : SSL.parsePrivateKey(j, this.password), certificateChain);
            }
            DefaultOpenSslKeyMaterial defaultOpenSslKeyMaterial2 = defaultOpenSslKeyMaterial;
            SSL.freeBIO(bio);
            SSL.freeBIO(j);
            if (0 != 0) {
                SSL.freeX509Chain(0L);
            }
            if (0 != 0) {
                SSL.freePrivateKey(0L);
            }
            pem.release();
            return defaultOpenSslKeyMaterial2;
        } catch (Throwable th) {
            SSL.freeBIO(0L);
            SSL.freeBIO(0L);
            if (0 != 0) {
                SSL.freeX509Chain(0L);
            }
            if (0 != 0) {
                SSL.freePrivateKey(0L);
            }
            pem.release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void destroy() {
    }
}
