package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.UnpooledByteBufAllocator;
import io.netty.internal.tcnative.Buffer;
import io.netty.internal.tcnative.Library;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.util.CharsetUtil;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.ReferenceCounted;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.NativeLibraryLoader;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.codec.language.bm.Rule;
import org.apache.maven.artifact.Artifact;
import org.apache.pulsar.common.util.keystoretls.KeyStoreSSLContext;
import org.apache.pulsar.kafka.shade.io.confluent.kafka.schemaregistry.utils.QualifiedSubject;
import org.infinispan.xsite.GlobalXSiteAdminOperations;

/* loaded from: input_file:META-INF/bundled-dependencies/netty-handler-4.1.100.Final.jar:io/netty/handler/ssl/OpenSsl.class */
public final class OpenSsl {
    private static final InternalLogger logger;
    private static final Throwable UNAVAILABILITY_CAUSE;
    static final List<String> DEFAULT_CIPHERS;
    static final Set<String> AVAILABLE_CIPHER_SUITES;
    private static final Set<String> AVAILABLE_OPENSSL_CIPHER_SUITES;
    private static final Set<String> AVAILABLE_JAVA_CIPHER_SUITES;
    private static final boolean SUPPORTS_KEYMANAGER_FACTORY;
    private static final boolean USE_KEYMANAGER_FACTORY;
    private static final boolean SUPPORTS_OCSP;
    private static final boolean TLSV13_SUPPORTED;
    private static final boolean IS_BORINGSSL;
    private static final Set<String> CLIENT_DEFAULT_PROTOCOLS;
    private static final Set<String> SERVER_DEFAULT_PROTOCOLS;
    static final Set<String> SUPPORTED_PROTOCOLS_SET;
    static final String[] EXTRA_SUPPORTED_TLS_1_3_CIPHERS;
    static final String EXTRA_SUPPORTED_TLS_1_3_CIPHERS_STRING;
    static final String[] NAMED_GROUPS;
    static final boolean JAVAX_CERTIFICATE_CREATION_SUPPORTED;
    private static final String[] DEFAULT_NAMED_GROUPS;
    private static final String CERT = "-----BEGIN CERTIFICATE-----\nMIICrjCCAZagAwIBAgIIdSvQPv1QAZQwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAxMLZXhhbXBs\nZS5jb20wIBcNMTgwNDA2MjIwNjU5WhgPOTk5OTEyMzEyMzU5NTlaMBYxFDASBgNVBAMTC2V4YW1w\nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggbWsmDQ6zNzRZ5AW8E3eoGl\nqWvOBDb5Fs1oBRrVQHuYmVAoaqwDzXYJ0LOwa293AgWEQ1jpcbZ2hpoYQzqEZBTLnFhMrhRFlH6K\nbJND8Y33kZ/iSVBBDuGbdSbJShlM+4WwQ9IAso4MZ4vW3S1iv5fGGpLgbtXRmBf/RU8omN0Gijlv\nWlLWHWijLN8xQtySFuBQ7ssW8RcKAary3pUm6UUQB+Co6lnfti0Tzag8PgjhAJq2Z3wbsGRnP2YS\nvYoaK6qzmHXRYlp/PxrjBAZAmkLJs4YTm/XFF+fkeYx4i9zqHbyone5yerRibsHaXZWLnUL+rFoe\nMdKvr0VS3sGmhQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQADQi441pKmXf9FvUV5EHU4v8nJT9Iq\nyqwsKwXnr7AsUlDGHBD7jGrjAXnG5rGxuNKBQ35wRxJATKrUtyaquFUL6H8O6aGQehiFTk6zmPbe\n12Gu44vqqTgIUxnv3JQJiox8S2hMxsSddpeCmSdvmalvD6WG4NthH6B9ZaBEiep1+0s0RUaBYn73\nI7CCUaAtbjfR6pcJjrFk5ei7uwdQZFSJtkP2z8r7zfeANJddAKFlkaMWn7u+OIVuB4XPooWicObk\nNAHFtP65bocUYnDpTVdiyvn8DdqyZ/EO8n1bBKBzuSLplk2msW4pdgaFgY7Vw/0wzcFXfUXmL1uy\nG8sQD/wx\n-----END CERTIFICATE-----";
    private static final String KEY = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCBtayYNDrM3NFnkBbwTd6gaWp\na84ENvkWzWgFGtVAe5iZUChqrAPNdgnQs7Brb3cCBYRDWOlxtnaGmhhDOoRkFMucWEyuFEWUfops\nk0PxjfeRn+JJUEEO4Zt1JslKGUz7hbBD0gCyjgxni9bdLWK/l8YakuBu1dGYF/9FTyiY3QaKOW9a\nUtYdaKMs3zFC3JIW4FDuyxbxFwoBqvLelSbpRRAH4KjqWd+2LRPNqDw+COEAmrZnfBuwZGc/ZhK9\nihorqrOYddFiWn8/GuMEBkCaQsmzhhOb9cUX5+R5jHiL3OodvKid7nJ6tGJuwdpdlYudQv6sWh4x\n0q+vRVLewaaFAgMBAAECggEAP8tPJvFtTxhNJAkCloHz0D0vpDHqQBMgntlkgayqmBqLwhyb18pR\ni0qwgh7HHc7wWqOOQuSqlEnrWRrdcI6TSe8R/sErzfTQNoznKWIPYcI/hskk4sdnQ//Yn9/Jvnsv\nU/BBjOTJxtD+sQbhAl80JcA3R+5sArURQkfzzHOL/YMqzAsn5hTzp7HZCxUqBk3KaHRxV7NefeOE\nxlZuWSmxYWfbFIs4kx19/1t7h8CHQWezw+G60G2VBtSBBxDnhBWvqG6R/wpzJ3nEhPLLY9T+XIHe\nipzdMOOOUZorfIg7M+pyYPji+ZIZxIpY5OjrOzXHciAjRtr5Y7l99K1CG1LguQKBgQDrQfIMxxtZ\nvxU/1cRmUV9l7pt5bjV5R6byXq178LxPKVYNjdZ840Q0/OpZEVqaT1xKVi35ohP1QfNjxPLlHD+K\niDAR9z6zkwjIrbwPCnb5kuXy4lpwPcmmmkva25fI7qlpHtbcuQdoBdCfr/KkKaUCMPyY89LCXgEw\n5KTDj64UywKBgQCNfbO+eZLGzhiHhtNJurresCsIGWlInv322gL8CSfBMYl6eNfUTZvUDdFhPISL\nUljKWzXDrjw0ujFSPR0XhUGtiq89H+HUTuPPYv25gVXO+HTgBFZEPl4PpA+BUsSVZy0NddneyqLk\n42Wey9omY9Q8WsdNQS5cbUvy0uG6WFoX7wKBgQDZ1jpW8pa0x2bZsQsm4vo+3G5CRnZlUp+XlWt2\ndDcp5dC0xD1zbs1dc0NcLeGDOTDv9FSl7hok42iHXXq8AygjEm/QcuwwQ1nC2HxmQP5holAiUs4D\nWHM8PWs3wFYPzE459EBoKTxeaeP/uWAn+he8q7d5uWvSZlEcANs/6e77eQKBgD21Ar0hfFfj7mK8\n9E0FeRZBsqK3omkfnhcYgZC11Xa2SgT1yvs2Va2n0RcdM5kncr3eBZav2GYOhhAdwyBM55XuE/sO\neokDVutNeuZ6d5fqV96TRaRBpvgfTvvRwxZ9hvKF4Vz+9wfn/JvCwANaKmegF6ejs7pvmF3whq2k\ndrZVAoGAX5YxQ5XMTD0QbMAl7/6qp6S58xNoVdfCkmkj1ZLKaHKIjS/benkKGlySVQVPexPfnkZx\np/Vv9yyphBoudiTBS9Uog66ueLYZqpgxlM/6OhYg86Gm3U2ycvMxYjBM1NFiyze21AqAhI+HX+Ot\nmraV2/guSgDgZAhukRZzeQ2RucI=\n-----END PRIVATE KEY-----";
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String checkTls13Ciphers(InternalLogger internalLogger, String str) {
        if (IS_BORINGSSL && !str.isEmpty()) {
            if (!$assertionsDisabled && EXTRA_SUPPORTED_TLS_1_3_CIPHERS.length <= 0) {
                throw new AssertionError();
            }
            HashSet hashSet = new HashSet(EXTRA_SUPPORTED_TLS_1_3_CIPHERS.length);
            Collections.addAll(hashSet, EXTRA_SUPPORTED_TLS_1_3_CIPHERS);
            boolean z = false;
            String[] split = str.split(":");
            int length = split.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str2 = split[i];
                if (hashSet.isEmpty()) {
                    z = true;
                    break;
                }
                if (!hashSet.remove(str2) && !hashSet.remove(CipherSuiteConverter.toJava(str2, KeyStoreSSLContext.DEFAULT_SSL_PROTOCOL))) {
                    z = true;
                    break;
                }
                i++;
            }
            if (z | (!hashSet.isEmpty())) {
                if (internalLogger.isInfoEnabled()) {
                    StringBuilder sb = new StringBuilder(128);
                    for (String str3 : str.split(":")) {
                        sb.append(CipherSuiteConverter.toJava(str3, KeyStoreSSLContext.DEFAULT_SSL_PROTOCOL)).append(":");
                    }
                    sb.setLength(sb.length() - 1);
                    internalLogger.info("BoringSSL doesn't allow to enable or disable TLSv1.3 ciphers explicitly. Provided TLSv1.3 ciphers: '{}', default TLSv1.3 ciphers that will be used: '{}'.", sb, EXTRA_SUPPORTED_TLS_1_3_CIPHERS_STRING);
                }
                return EXTRA_SUPPORTED_TLS_1_3_CIPHERS_STRING;
            }
        }
        return str;
    }

    static boolean isSessionCacheSupported() {
        return ((long) version()) >= 269484032;
    }

    static X509Certificate selfSignedCertificate() throws CertificateException {
        return (X509Certificate) SslContext.X509_CERT_FACTORY.generateCertificate(new ByteArrayInputStream(CERT.getBytes(CharsetUtil.US_ASCII)));
    }

    private static boolean doesSupportOcsp() {
        boolean z = false;
        if (version() >= 268443648) {
            long j = -1;
            try {
                j = SSLContext.make(16, 1);
                SSLContext.enableOcsp(j, false);
                z = true;
                if (j != -1) {
                    SSLContext.free(j);
                }
            } catch (Exception e) {
                if (j != -1) {
                    SSLContext.free(j);
                }
            } catch (Throwable th) {
                if (j != -1) {
                    SSLContext.free(j);
                }
                throw th;
            }
        }
        return z;
    }

    private static boolean doesSupportProtocol(int i, int i2) {
        if (i2 == 0) {
            return false;
        }
        long j = -1;
        try {
            j = SSLContext.make(i, 2);
            if (j != -1) {
                SSLContext.free(j);
            }
            return true;
        } catch (Exception e) {
            if (j != -1) {
                SSLContext.free(j);
            }
            return false;
        } catch (Throwable th) {
            if (j != -1) {
                SSLContext.free(j);
            }
            throw th;
        }
    }

    public static boolean isAvailable() {
        return UNAVAILABILITY_CAUSE == null;
    }

    @Deprecated
    public static boolean isAlpnSupported() {
        return ((long) version()) >= 268443648;
    }

    public static boolean isOcspSupported() {
        return SUPPORTS_OCSP;
    }

    public static int version() {
        if (isAvailable()) {
            return SSL.version();
        }
        return -1;
    }

    public static String versionString() {
        if (isAvailable()) {
            return SSL.versionString();
        }
        return null;
    }

    public static void ensureAvailability() {
        if (UNAVAILABILITY_CAUSE != null) {
            throw ((Error) new UnsatisfiedLinkError("failed to load the required native library").initCause(UNAVAILABILITY_CAUSE));
        }
    }

    public static Throwable unavailabilityCause() {
        return UNAVAILABILITY_CAUSE;
    }

    @Deprecated
    public static Set<String> availableCipherSuites() {
        return availableOpenSslCipherSuites();
    }

    public static Set<String> availableOpenSslCipherSuites() {
        return AVAILABLE_OPENSSL_CIPHER_SUITES;
    }

    public static Set<String> availableJavaCipherSuites() {
        return AVAILABLE_JAVA_CIPHER_SUITES;
    }

    public static boolean isCipherSuiteAvailable(String str) {
        String openSsl = CipherSuiteConverter.toOpenSsl(str, IS_BORINGSSL);
        if (openSsl != null) {
            str = openSsl;
        }
        return AVAILABLE_OPENSSL_CIPHER_SUITES.contains(str);
    }

    public static boolean supportsKeyManagerFactory() {
        return SUPPORTS_KEYMANAGER_FACTORY;
    }

    @Deprecated
    public static boolean supportsHostnameValidation() {
        return isAvailable();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean useKeyManagerFactory() {
        return USE_KEYMANAGER_FACTORY;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long memoryAddress(ByteBuf byteBuf) {
        if ($assertionsDisabled || byteBuf.isDirect()) {
            return byteBuf.hasMemoryAddress() ? byteBuf.memoryAddress() : Buffer.address(byteBuf.internalNioBuffer(0, byteBuf.readableBytes()));
        }
        throw new AssertionError();
    }

    private OpenSsl() {
    }

    private static void loadTcNative() throws Exception {
        String normalizedOs = PlatformDependent.normalizedOs();
        String normalizedArch = PlatformDependent.normalizedArch();
        LinkedHashSet linkedHashSet = new LinkedHashSet(5);
        if ("linux".equals(normalizedOs)) {
            Iterator<String> it = PlatformDependent.normalizedLinuxClassifiers().iterator();
            while (it.hasNext()) {
                linkedHashSet.add("netty_tcnative" + QualifiedSubject.TENANT_DELIMITER + normalizedOs + '_' + normalizedArch + QualifiedSubject.TENANT_DELIMITER + it.next());
            }
            linkedHashSet.add("netty_tcnative" + QualifiedSubject.TENANT_DELIMITER + normalizedOs + '_' + normalizedArch);
            linkedHashSet.add("netty_tcnative" + QualifiedSubject.TENANT_DELIMITER + normalizedOs + '_' + normalizedArch + "_fedora");
        } else {
            linkedHashSet.add("netty_tcnative" + QualifiedSubject.TENANT_DELIMITER + normalizedOs + '_' + normalizedArch);
        }
        linkedHashSet.add("netty_tcnative" + QualifiedSubject.TENANT_DELIMITER + normalizedArch);
        linkedHashSet.add("netty_tcnative");
        NativeLibraryLoader.loadFirstAvailable(PlatformDependent.getClassLoader(SSLContext.class), (String[]) linkedHashSet.toArray(EmptyArrays.EMPTY_STRINGS));
    }

    private static boolean initializeTcNative(String str) throws Exception {
        return Library.initialize(Artifact.SCOPE_PROVIDED, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void releaseIfNeeded(ReferenceCounted referenceCounted) {
        if (referenceCounted.refCnt() > 0) {
            ReferenceCountUtil.safeRelease(referenceCounted);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isTlsv13Supported() {
        return TLSV13_SUPPORTED;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isOptionSupported(SslContextOption<?> sslContextOption) {
        if (!isAvailable()) {
            return false;
        }
        if (sslContextOption == OpenSslContextOption.USE_TASKS) {
            return true;
        }
        if (isBoringSSL()) {
            return sslContextOption == OpenSslContextOption.ASYNC_PRIVATE_KEY_METHOD || sslContextOption == OpenSslContextOption.PRIVATE_KEY_METHOD || sslContextOption == OpenSslContextOption.CERTIFICATE_COMPRESSION_ALGORITHMS || sslContextOption == OpenSslContextOption.TLS_FALSE_START || sslContextOption == OpenSslContextOption.MAX_CERTIFICATE_LIST_BYTES;
        }
        return false;
    }

    private static Set<String> protocols(String str) {
        String str2 = SystemPropertyUtil.get(str, null);
        if (str2 == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        for (String str3 : str2.split(GlobalXSiteAdminOperations.CACHE_DELIMITER)) {
            hashSet.add(str3.trim());
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String[] defaultProtocols(boolean z) {
        Set<String> set = z ? CLIENT_DEFAULT_PROTOCOLS : SERVER_DEFAULT_PROTOCOLS;
        if (set == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList(set.size());
        for (String str : set) {
            if (SUPPORTED_PROTOCOLS_SET.contains(str)) {
                arrayList.add(str);
            }
        }
        return (String[]) arrayList.toArray(EmptyArrays.EMPTY_STRINGS);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isBoringSSL() {
        return IS_BORINGSSL;
    }

    /* JADX WARN: Finally extract failed */
    static {
        boolean z;
        long make;
        long j;
        long j2;
        long j3;
        long j4;
        $assertionsDisabled = !OpenSsl.class.desiredAssertionStatus();
        logger = InternalLoggerFactory.getInstance((Class<?>) OpenSsl.class);
        DEFAULT_NAMED_GROUPS = new String[]{"x25519", "secp256r1", "secp384r1", "secp521r1"};
        Throwable th = null;
        if (SystemPropertyUtil.getBoolean("io.netty.handler.ssl.noOpenSsl", false)) {
            th = new UnsupportedOperationException("OpenSSL was explicit disabled with -Dio.netty.handler.ssl.noOpenSsl=true");
            logger.debug("netty-tcnative explicit disabled; " + OpenSslEngine.class.getSimpleName() + " will be unavailable.", th);
        } else {
            try {
                Class.forName("io.netty.internal.tcnative.SSLContext", false, PlatformDependent.getClassLoader(OpenSsl.class));
            } catch (ClassNotFoundException e) {
                th = e;
                logger.debug("netty-tcnative not in the classpath; " + OpenSslEngine.class.getSimpleName() + " will be unavailable.");
            }
            if (th == null) {
                try {
                    loadTcNative();
                } catch (Throwable th2) {
                    th = th2;
                    logger.debug("Failed to load netty-tcnative; " + OpenSslEngine.class.getSimpleName() + " will be unavailable, unless the application has already loaded the symbols by some other means. See https://netty.io/wiki/forked-tomcat-native.html for more information.", th2);
                }
                try {
                    String str = SystemPropertyUtil.get("io.netty.handler.ssl.openssl.engine", null);
                    if (str == null) {
                        logger.debug("Initialize netty-tcnative using engine: 'default'");
                    } else {
                        logger.debug("Initialize netty-tcnative using engine: '{}'", str);
                    }
                    initializeTcNative(str);
                    th = null;
                } catch (Throwable th3) {
                    if (th == null) {
                        th = th3;
                    }
                    logger.debug("Failed to initialize netty-tcnative; " + OpenSslEngine.class.getSimpleName() + " will be unavailable. See https://netty.io/wiki/forked-tomcat-native.html for more information.", th3);
                }
            }
        }
        UNAVAILABILITY_CAUSE = th;
        CLIENT_DEFAULT_PROTOCOLS = protocols("jdk.tls.client.protocols");
        SERVER_DEFAULT_PROTOCOLS = protocols("jdk.tls.server.protocols");
        if (th != null) {
            DEFAULT_CIPHERS = Collections.emptyList();
            AVAILABLE_OPENSSL_CIPHER_SUITES = Collections.emptySet();
            AVAILABLE_JAVA_CIPHER_SUITES = Collections.emptySet();
            AVAILABLE_CIPHER_SUITES = Collections.emptySet();
            SUPPORTS_KEYMANAGER_FACTORY = false;
            USE_KEYMANAGER_FACTORY = false;
            SUPPORTED_PROTOCOLS_SET = Collections.emptySet();
            SUPPORTS_OCSP = false;
            TLSV13_SUPPORTED = false;
            IS_BORINGSSL = false;
            EXTRA_SUPPORTED_TLS_1_3_CIPHERS = EmptyArrays.EMPTY_STRINGS;
            EXTRA_SUPPORTED_TLS_1_3_CIPHERS_STRING = "";
            NAMED_GROUPS = DEFAULT_NAMED_GROUPS;
            JAVAX_CERTIFICATE_CREATION_SUPPORTED = false;
            return;
        }
        logger.debug("netty-tcnative using native library: {}", SSL.versionString());
        ArrayList arrayList = new ArrayList();
        LinkedHashSet linkedHashSet = new LinkedHashSet(128);
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        String[] strArr = DEFAULT_NAMED_GROUPS;
        String[] strArr2 = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr2[i] = GroupsConverter.toOpenSsl(strArr[i]);
        }
        IS_BORINGSSL = "BoringSSL".equals(versionString());
        if (IS_BORINGSSL) {
            EXTRA_SUPPORTED_TLS_1_3_CIPHERS = new String[]{Ciphers.TLS_AES_128_GCM_SHA256, Ciphers.TLS_AES_256_GCM_SHA384, Ciphers.TLS_CHACHA20_POLY1305_SHA256};
            StringBuilder sb = new StringBuilder(128);
            for (String str2 : EXTRA_SUPPORTED_TLS_1_3_CIPHERS) {
                sb.append(str2).append(":");
            }
            sb.setLength(sb.length() - 1);
            EXTRA_SUPPORTED_TLS_1_3_CIPHERS_STRING = sb.toString();
        } else {
            EXTRA_SUPPORTED_TLS_1_3_CIPHERS = EmptyArrays.EMPTY_STRINGS;
            EXTRA_SUPPORTED_TLS_1_3_CIPHERS_STRING = "";
        }
        try {
            make = SSLContext.make(63, 1);
            j = 0;
            j2 = 0;
            j3 = 0;
            j4 = 0;
        } catch (Exception e2) {
            logger.warn("Failed to get the list of available OpenSSL cipher suites.", (Throwable) e2);
        }
        try {
            if (SslProvider.isTlsv13Supported(SslProvider.JDK)) {
                try {
                    StringBuilder sb2 = new StringBuilder();
                    Iterator<String> it = SslUtils.TLSV13_CIPHERS.iterator();
                    while (it.hasNext()) {
                        String openSsl = CipherSuiteConverter.toOpenSsl(it.next(), IS_BORINGSSL);
                        if (openSsl != null) {
                            sb2.append(openSsl).append(':');
                        }
                    }
                    if (sb2.length() == 0) {
                        z4 = false;
                    } else {
                        sb2.setLength(sb2.length() - 1);
                        SSLContext.setCipherSuite(make, sb2.toString(), true);
                        z4 = true;
                    }
                } catch (Exception e3) {
                    z4 = false;
                }
            }
            SSLContext.setCipherSuite(make, Rule.ALL, false);
            long newSSL = SSL.newSSL(make, true);
            try {
                for (String str3 : SSL.getCiphers(newSSL)) {
                    if (str3 != null && !str3.isEmpty() && !linkedHashSet.contains(str3) && (z4 || !SslUtils.isTLSv13Cipher(str3))) {
                        linkedHashSet.add(str3);
                    }
                }
                if (IS_BORINGSSL) {
                    Collections.addAll(linkedHashSet, EXTRA_SUPPORTED_TLS_1_3_CIPHERS);
                    Collections.addAll(linkedHashSet, "AEAD-AES128-GCM-SHA256", "AEAD-AES256-GCM-SHA384", "AEAD-CHACHA20-POLY1305-SHA256");
                }
                PemPrivateKey valueOf = PemPrivateKey.valueOf(KEY.getBytes(CharsetUtil.US_ASCII));
                try {
                    try {
                        SSLContext.setCertificateCallback(make, null);
                        j = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, selfSignedCertificate());
                        j3 = SSL.parseX509Chain(j);
                        j2 = ReferenceCountedOpenSslContext.toBIO(UnpooledByteBufAllocator.DEFAULT, valueOf.retain());
                        j4 = SSL.parsePrivateKey(j2, null);
                        SSL.setKeyMaterial(newSSL, j3, j4);
                        z2 = true;
                        try {
                            boolean contains = SystemPropertyUtil.contains("io.netty.handler.ssl.openssl.useKeyManagerFactory");
                            if (IS_BORINGSSL) {
                                z3 = true;
                                if (contains) {
                                    logger.info("System property 'io.netty.handler.ssl.openssl.useKeyManagerFactory' is deprecated and will be ignored when using BoringSSL");
                                }
                            } else {
                                z3 = SystemPropertyUtil.getBoolean("io.netty.handler.ssl.openssl.useKeyManagerFactory", true);
                                if (contains) {
                                    logger.info("System property 'io.netty.handler.ssl.openssl.useKeyManagerFactory' is deprecated and so will be ignored in the future");
                                }
                            }
                        } catch (Throwable th4) {
                            logger.debug("Failed to get useKeyManagerFactory system property.");
                        }
                        valueOf.release();
                    } catch (Throwable th5) {
                        valueOf.release();
                        throw th5;
                    }
                } catch (Error e4) {
                    logger.debug("KeyManagerFactory not supported.");
                    valueOf.release();
                }
                SSL.freeSSL(newSSL);
                if (j != 0) {
                    SSL.freeBIO(j);
                }
                if (j2 != 0) {
                    SSL.freeBIO(j2);
                }
                if (j3 != 0) {
                    SSL.freeX509Chain(j3);
                }
                if (j4 != 0) {
                    SSL.freePrivateKey(j4);
                }
                String str4 = SystemPropertyUtil.get("jdk.tls.namedGroups", null);
                if (str4 != null) {
                    String[] split = str4.split(GlobalXSiteAdminOperations.CACHE_DELIMITER);
                    LinkedHashSet linkedHashSet2 = new LinkedHashSet(split.length);
                    LinkedHashSet linkedHashSet3 = new LinkedHashSet(split.length);
                    LinkedHashSet linkedHashSet4 = new LinkedHashSet();
                    for (String str5 : split) {
                        String openSsl2 = GroupsConverter.toOpenSsl(str5);
                        if (SSLContext.setCurvesList(make, openSsl2)) {
                            linkedHashSet3.add(openSsl2);
                            linkedHashSet2.add(str5);
                        } else {
                            linkedHashSet4.add(str5);
                        }
                    }
                    if (linkedHashSet2.isEmpty()) {
                        strArr = strArr2;
                        logger.info("All configured namedGroups are not supported: {}. Use default: {}.", Arrays.toString(linkedHashSet4.toArray(EmptyArrays.EMPTY_STRINGS)), Arrays.toString(DEFAULT_NAMED_GROUPS));
                    } else {
                        String[] strArr3 = (String[]) linkedHashSet2.toArray(EmptyArrays.EMPTY_STRINGS);
                        if (linkedHashSet4.isEmpty()) {
                            logger.info("Using configured namedGroups -D 'jdk.tls.namedGroup': {} ", Arrays.toString(strArr3));
                        } else {
                            logger.info("Using supported configured namedGroups: {}. Unsupported namedGroups: {}. ", Arrays.toString(strArr3), Arrays.toString(linkedHashSet4.toArray(EmptyArrays.EMPTY_STRINGS)));
                        }
                        strArr = (String[]) linkedHashSet3.toArray(EmptyArrays.EMPTY_STRINGS);
                    }
                } else {
                    strArr = strArr2;
                }
                SSLContext.free(make);
                NAMED_GROUPS = strArr;
                AVAILABLE_OPENSSL_CIPHER_SUITES = Collections.unmodifiableSet(linkedHashSet);
                LinkedHashSet linkedHashSet5 = new LinkedHashSet(AVAILABLE_OPENSSL_CIPHER_SUITES.size() * 2);
                for (String str6 : AVAILABLE_OPENSSL_CIPHER_SUITES) {
                    if (SslUtils.isTLSv13Cipher(str6)) {
                        linkedHashSet5.add(str6);
                    } else {
                        linkedHashSet5.add(CipherSuiteConverter.toJava(str6, KeyStoreSSLContext.DEFAULT_SSL_PROTOCOL));
                        linkedHashSet5.add(CipherSuiteConverter.toJava(str6, "SSL"));
                    }
                }
                SslUtils.addIfSupported(linkedHashSet5, arrayList, SslUtils.DEFAULT_CIPHER_SUITES);
                SslUtils.addIfSupported(linkedHashSet5, arrayList, SslUtils.TLSV13_CIPHER_SUITES);
                SslUtils.addIfSupported(linkedHashSet5, arrayList, EXTRA_SUPPORTED_TLS_1_3_CIPHERS);
                SslUtils.useFallbackCiphersIfDefaultIsEmpty(arrayList, linkedHashSet5);
                DEFAULT_CIPHERS = Collections.unmodifiableList(arrayList);
                AVAILABLE_JAVA_CIPHER_SUITES = Collections.unmodifiableSet(linkedHashSet5);
                LinkedHashSet linkedHashSet6 = new LinkedHashSet(AVAILABLE_OPENSSL_CIPHER_SUITES.size() + AVAILABLE_JAVA_CIPHER_SUITES.size());
                linkedHashSet6.addAll(AVAILABLE_OPENSSL_CIPHER_SUITES);
                linkedHashSet6.addAll(AVAILABLE_JAVA_CIPHER_SUITES);
                AVAILABLE_CIPHER_SUITES = linkedHashSet6;
                SUPPORTS_KEYMANAGER_FACTORY = z2;
                USE_KEYMANAGER_FACTORY = z3;
                LinkedHashSet linkedHashSet7 = new LinkedHashSet(6);
                linkedHashSet7.add(SslProtocols.SSL_v2_HELLO);
                if (doesSupportProtocol(1, SSL.SSL_OP_NO_SSLv2)) {
                    linkedHashSet7.add(SslProtocols.SSL_v2);
                }
                if (doesSupportProtocol(2, SSL.SSL_OP_NO_SSLv3)) {
                    linkedHashSet7.add(SslProtocols.SSL_v3);
                }
                if (doesSupportProtocol(4, SSL.SSL_OP_NO_TLSv1)) {
                    linkedHashSet7.add(SslProtocols.TLS_v1);
                }
                if (doesSupportProtocol(8, SSL.SSL_OP_NO_TLSv1_1)) {
                    linkedHashSet7.add(SslProtocols.TLS_v1_1);
                }
                if (doesSupportProtocol(16, SSL.SSL_OP_NO_TLSv1_2)) {
                    linkedHashSet7.add("TLSv1.2");
                }
                if (z4 && doesSupportProtocol(32, SSL.SSL_OP_NO_TLSv1_3)) {
                    linkedHashSet7.add(SslProtocols.TLS_v1_3);
                    TLSV13_SUPPORTED = true;
                } else {
                    TLSV13_SUPPORTED = false;
                }
                SUPPORTED_PROTOCOLS_SET = Collections.unmodifiableSet(linkedHashSet7);
                SUPPORTS_OCSP = doesSupportOcsp();
                if (logger.isDebugEnabled()) {
                    logger.debug("Supported protocols (OpenSSL): {} ", SUPPORTED_PROTOCOLS_SET);
                    logger.debug("Default cipher suites (OpenSSL): {}", DEFAULT_CIPHERS);
                }
                try {
                    javax.security.cert.X509Certificate.getInstance(CERT.getBytes(CharsetUtil.US_ASCII));
                    z = true;
                } catch (javax.security.cert.CertificateException e5) {
                    z = false;
                }
                JAVAX_CERTIFICATE_CREATION_SUPPORTED = z;
            } catch (Throwable th6) {
                SSL.freeSSL(newSSL);
                if (0 != 0) {
                    SSL.freeBIO(0L);
                }
                if (0 != 0) {
                    SSL.freeBIO(0L);
                }
                if (0 != 0) {
                    SSL.freeX509Chain(0L);
                }
                if (0 != 0) {
                    SSL.freePrivateKey(0L);
                }
                throw th6;
            }
        } catch (Throwable th7) {
            SSLContext.free(make);
            throw th7;
        }
    }
}
