package io.netty.handler.ssl; import io.netty.buffer.ByteBuf; import io.netty.buffer.ByteBufAllocator; import io.netty.buffer.UnpooledByteBufAllocator; import io.netty.internal.tcnative.Buffer; import io.netty.internal.tcnative.CertificateCallback; import io.netty.internal.tcnative.Library; import io.netty.internal.tcnative.SSL; import io.netty.internal.tcnative.SSLContext; import io.netty.util.CharsetUtil; import io.netty.util.ReferenceCountUtil; import io.netty.util.ReferenceCounted; import io.netty.util.internal.EmptyArrays; import io.netty.util.internal.NativeLibraryLoader; import io.netty.util.internal.PlatformDependent; import io.netty.util.internal.SystemPropertyUtil; import io.netty.util.internal.logging.InternalLogger; import io.netty.util.internal.logging.InternalLoggerFactory; import java.io.ByteArrayInputStream; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; import java.util.LinkedHashSet; import java.util.List; import java.util.Set; public final class OpenSsl { static final /* synthetic */ boolean $assertionsDisabled = false; static final Set<String> AVAILABLE_CIPHER_SUITES; private static final Set<String> AVAILABLE_JAVA_CIPHER_SUITES; private static final Set<String> AVAILABLE_OPENSSL_CIPHER_SUITES; private static final String CERT = "-----BEGIN CERTIFICATE-----\nMIICrjCCAZagAwIBAgIIdSvQPv1QAZQwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAxMLZXhhbXBs\nZS5jb20wIBcNMTgwNDA2MjIwNjU5WhgPOTk5OTEyMzEyMzU5NTlaMBYxFDASBgNVBAMTC2V4YW1w\nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggbWsmDQ6zNzRZ5AW8E3eoGl\nqWvOBDb5Fs1oBRrVQHuYmVAoaqwDzXYJ0LOwa293AgWEQ1jpcbZ2hpoYQzqEZBTLnFhMrhRFlH6K\nbJND8Y33kZ/iSVBBDuGbdSbJShlM+4WwQ9IAso4MZ4vW3S1iv5fGGpLgbtXRmBf/RU8omN0Gijlv\nWlLWHWijLN8xQtySFuBQ7ssW8RcKAary3pUm6UUQB+Co6lnfti0Tzag8PgjhAJq2Z3wbsGRnP2YS\nvYoaK6qzmHXRYlp/PxrjBAZAmkLJs4YTm/XFF+fkeYx4i9zqHbyone5yerRibsHaXZWLnUL+rFoe\nMdKvr0VS3sGmhQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQADQi441pKmXf9FvUV5EHU4v8nJT9Iq\nyqwsKwXnr7AsUlDGHBD7jGrjAXnG5rGxuNKBQ35wRxJATKrUtyaquFUL6H8O6aGQehiFTk6zmPbe\n12Gu44vqqTgIUxnv3JQJiox8S2hMxsSddpeCmSdvmalvD6WG4NthH6B9ZaBEiep1+0s0RUaBYn73\nI7CCUaAtbjfR6pcJjrFk5ei7uwdQZFSJtkP2z8r7zfeANJddAKFlkaMWn7u+OIVuB4XPooWicObk\nNAHFtP65bocUYnDpTVdiyvn8DdqyZ/EO8n1bBKBzuSLplk2msW4pdgaFgY7Vw/0wzcFXfUXmL1uy\nG8sQD/wx\n-----END CERTIFICATE-----"; static final List<String> DEFAULT_CIPHERS; static final String[] EXTRA_SUPPORTED_TLS_1_3_CIPHERS; private static final boolean IS_BORINGSSL; private static final String KEY = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCBtayYNDrM3NFnkBbwTd6gaWp\na84ENvkWzWgFGtVAe5iZUChqrAPNdgnQs7Brb3cCBYRDWOlxtnaGmhhDOoRkFMucWEyuFEWUfops\nk0PxjfeRn+JJUEEO4Zt1JslKGUz7hbBD0gCyjgxni9bdLWK/l8YakuBu1dGYF/9FTyiY3QaKOW9a\nUtYdaKMs3zFC3JIW4FDuyxbxFwoBqvLelSbpRRAH4KjqWd+2LRPNqDw+COEAmrZnfBuwZGc/ZhK9\nihorqrOYddFiWn8/GuMEBkCaQsmzhhOb9cUX5+R5jHiL3OodvKid7nJ6tGJuwdpdlYudQv6sWh4x\n0q+vRVLewaaFAgMBAAECggEAP8tPJvFtTxhNJAkCloHz0D0vpDHqQBMgntlkgayqmBqLwhyb18pR\ni0qwgh7HHc7wWqOOQuSqlEnrWRrdcI6TSe8R/sErzfTQNoznKWIPYcI/hskk4sdnQ//Yn9/Jvnsv\nU/BBjOTJxtD+sQbhAl80JcA3R+5sArURQkfzzHOL/YMqzAsn5hTzp7HZCxUqBk3KaHRxV7NefeOE\nxlZuWSmxYWfbFIs4kx19/1t7h8CHQWezw+G60G2VBtSBBxDnhBWvqG6R/wpzJ3nEhPLLY9T+XIHe\nipzdMOOOUZorfIg7M+pyYPji+ZIZxIpY5OjrOzXHciAjRtr5Y7l99K1CG1LguQKBgQDrQfIMxxtZ\nvxU/1cRmUV9l7pt5bjV5R6byXq178LxPKVYNjdZ840Q0/OpZEVqaT1xKVi35ohP1QfNjxPLlHD+K\niDAR9z6zkwjIrbwPCnb5kuXy4lpwPcmmmkva25fI7qlpHtbcuQdoBdCfr/KkKaUCMPyY89LCXgEw\n5KTDj64UywKBgQCNfbO+eZLGzhiHhtNJurresCsIGWlInv322gL8CSfBMYl6eNfUTZvUDdFhPISL\nUljKWzXDrjw0ujFSPR0XhUGtiq89H+HUTuPPYv25gVXO+HTgBFZEPl4PpA+BUsSVZy0NddneyqLk\n42Wey9omY9Q8WsdNQS5cbUvy0uG6WFoX7wKBgQDZ1jpW8pa0x2bZsQsm4vo+3G5CRnZlUp+XlWt2\ndDcp5dC0xD1zbs1dc0NcLeGDOTDv9FSl7hok42iHXXq8AygjEm/QcuwwQ1nC2HxmQP5holAiUs4D\nWHM8PWs3wFYPzE459EBoKTxeaeP/uWAn+he8q7d5uWvSZlEcANs/6e77eQKBgD21Ar0hfFfj7mK8\n9E0FeRZBsqK3omkfnhcYgZC11Xa2SgT1yvs2Va2n0RcdM5kncr3eBZav2GYOhhAdwyBM55XuE/sO\neokDVutNeuZ6d5fqV96TRaRBpvgfTvvRwxZ9hvKF4Vz+9wfn/JvCwANaKmegF6ejs7pvmF3whq2k\ndrZVAoGAX5YxQ5XMTD0QbMAl7/6qp6S58xNoVdfCkmkj1ZLKaHKIjS/benkKGlySVQVPexPfnkZx\np/Vv9yyphBoudiTBS9Uog66ueLYZqpgxlM/6OhYg86Gm3U2ycvMxYjBM1NFiyze21AqAhI+HX+Ot\nmraV2/guSgDgZAhukRZzeQ2RucI=\n-----END PRIVATE KEY-----"; static final Set<String> SUPPORTED_PROTOCOLS_SET; private static final boolean SUPPORTS_KEYMANAGER_FACTORY; private static final boolean SUPPORTS_OCSP; private static final boolean TLSV13_SUPPORTED; private static final Throwable UNAVAILABILITY_CAUSE; private static final boolean USE_KEYMANAGER_FACTORY; private static final InternalLogger logger; /* JADX WARNING: Removed duplicated region for block: B:147:0x0273 A[Catch:{ all -> 0x02c1 }] */ /* JADX WARNING: Removed duplicated region for block: B:150:0x027a A[Catch:{ all -> 0x02c1 }] */ /* JADX WARNING: Removed duplicated region for block: B:153:0x0281 A[Catch:{ all -> 0x02c1 }] */ /* JADX WARNING: Removed duplicated region for block: B:156:0x0288 A[Catch:{ all -> 0x02c1 }] */ /* JADX WARNING: Removed duplicated region for block: B:167:0x02a8 */ /* JADX WARNING: Removed duplicated region for block: B:170:0x02af */ /* JADX WARNING: Removed duplicated region for block: B:173:0x02b6 */ /* JADX WARNING: Removed duplicated region for block: B:176:0x02bd */ /* JADX WARNING: Removed duplicated region for block: B:190:0x02f3 */ /* JADX WARNING: Removed duplicated region for block: B:196:0x035e */ /* JADX WARNING: Removed duplicated region for block: B:199:0x036b */ /* JADX WARNING: Removed duplicated region for block: B:202:0x0379 */ /* JADX WARNING: Removed duplicated region for block: B:205:0x0388 */ /* JADX WARNING: Removed duplicated region for block: B:208:0x0397 */ /* JADX WARNING: Removed duplicated region for block: B:210:0x039e */ /* JADX WARNING: Removed duplicated region for block: B:216:0x03c6 */ /* JADX WARNING: Removed duplicated region for block: B:233:? A[RETURN, SYNTHETIC] */ static { Throwable e10; boolean z10; boolean z11; boolean z12; InternalLogger internalLogger; Exception e11; Throwable th; long j2; long j10; long j11; long j12; Throwable th2; Throwable th3; long j13; boolean z13; boolean z14; Throwable th4; InternalLogger instance = InternalLoggerFactory.getInstance(OpenSsl.class); logger = instance; if (SystemPropertyUtil.getBoolean("io.netty.handler.ssl.noOpenSsl", false)) { e10 = new UnsupportedOperationException("OpenSSL was explicit disabled with -Dio.netty.handler.ssl.noOpenSsl=true"); instance.debug("netty-tcnative explicit disabled; " + OpenSslEngine.class.getSimpleName() + " will be unavailable.", e10); } else { try { Class.forName("io.netty.internal.tcnative.SSLContext", false, PlatformDependent.getClassLoader(OpenSsl.class)); e10 = null; } catch (ClassNotFoundException e12) { e10 = e12; logger.debug("netty-tcnative not in the classpath; " + OpenSslEngine.class.getSimpleName() + " will be unavailable."); } if (e10 == null) { try { loadTcNative(); th4 = e10; } catch (Throwable th5) { th4 = th5; logger.debug("Failed to load netty-tcnative; " + OpenSslEngine.class.getSimpleName() + " will be unavailable, unless the application has already loaded the symbols by some other means. See https://netty.io/wiki/forked-tomcat-native.html for more information.", th4); } try { String str = SystemPropertyUtil.get("io.netty.handler.ssl.openssl.engine", null); if (str == null) { logger.debug("Initialize netty-tcnative using engine: 'default'"); } else { logger.debug("Initialize netty-tcnative using engine: '{}'", str); } initializeTcNative(str); e10 = null; } catch (Throwable th6) { if (th4 == null) { th4 = th6; } logger.debug("Failed to initialize netty-tcnative; " + OpenSslEngine.class.getSimpleName() + " will be unavailable. See https://netty.io/wiki/forked-tomcat-native.html for more information.", th6); e10 = th4; } } } UNAVAILABILITY_CAUSE = e10; if (e10 == null) { logger.debug("netty-tcnative using native library: {}", SSL.versionString()); ArrayList arrayList = new ArrayList(); LinkedHashSet linkedHashSet = new LinkedHashSet(128); boolean equals = "BoringSSL".equals(versionString()); IS_BORINGSSL = equals; if (equals) { EXTRA_SUPPORTED_TLS_1_3_CIPHERS = new String[]{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"}; } else { EXTRA_SUPPORTED_TLS_1_3_CIPHERS = EmptyArrays.EMPTY_STRINGS; } try { long make = SSLContext.make(63, 1); try { StringBuilder sb2 = new StringBuilder(); for (String str2 : SslUtils.TLSV13_CIPHERS) { String openSsl = CipherSuiteConverter.toOpenSsl(str2, IS_BORINGSSL); if (openSsl != null) { sb2.append(openSsl); sb2.append(':'); } } if (sb2.length() == 0) { z14 = false; } else { sb2.setLength(sb2.length() - 1); SSLContext.setCipherSuite(make, sb2.toString(), true); z14 = true; } z10 = z14; } catch (Exception unused) { z10 = false; } catch (Throwable th7) { th = th7; SSLContext.free(make); throw th; } try { SSLContext.setCipherSuite(make, "ALL", false); long newSSL = SSL.newSSL(make, true); try { String[] ciphers = SSL.getCiphers(newSSL); for (String str3 : ciphers) { if (str3 != null && !str3.isEmpty() && !linkedHashSet.contains(str3)) { if (z10 || !SslUtils.isTLSv13Cipher(str3)) { linkedHashSet.add(str3); } } } boolean z15 = IS_BORINGSSL; if (z15) { Collections.addAll(linkedHashSet, EXTRA_SUPPORTED_TLS_1_3_CIPHERS); Collections.addAll(linkedHashSet, "AEAD-AES128-GCM-SHA256", "AEAD-AES256-GCM-SHA384", "AEAD-CHACHA20-POLY1305-SHA256"); } PemPrivateKey valueOf = PemPrivateKey.valueOf(KEY.getBytes(CharsetUtil.US_ASCII)); try { SSLContext.setCertificateCallback(make, (CertificateCallback) null); j11 = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, selfSignedCertificate()); try { j10 = SSL.parseX509Chain(j11); try { j12 = ReferenceCountedOpenSslContext.toBIO(UnpooledByteBufAllocator.DEFAULT, valueOf.retain()); try { j2 = SSL.parsePrivateKey(j12, (String) null); try { SSL.setKeyMaterial(newSSL, j10, j2); try { boolean contains = SystemPropertyUtil.contains("io.netty.handler.ssl.openssl.useKeyManagerFactory"); if (!z15) { z13 = SystemPropertyUtil.getBoolean("io.netty.handler.ssl.openssl.useKeyManagerFactory", true); if (contains) { try { logger.info("System property 'io.netty.handler.ssl.openssl.useKeyManagerFactory' is deprecated and so will be ignored in the future"); } catch (Throwable unused2) { z12 = z13; } } } else { if (contains) { try { logger.info("System property 'io.netty.handler.ssl.openssl.useKeyManagerFactory' is deprecated and will be ignored when using BoringSSL"); } catch (Throwable unused3) { z12 = true; } } z13 = true; } z12 = z13; } catch (Throwable unused4) { z12 = false; try { logger.debug("Failed to get useKeyManagerFactory system property."); valueOf.release(); j12 = j12; z11 = true; } catch (Error unused5) { j12 = j12; z11 = true; try { logger.debug("KeyManagerFactory not supported."); try { valueOf.release(); SSL.freeSSL(newSSL); if (j11 != 0) { } if (j12 != 0) { } if (j10 != 0) { } if (j2 != 0) { } SSLContext.free(make); Set<String> unmodifiableSet = Collections.unmodifiableSet(linkedHashSet); AVAILABLE_OPENSSL_CIPHER_SUITES = unmodifiableSet; LinkedHashSet linkedHashSet2 = new LinkedHashSet(unmodifiableSet.size() * 2); while (r0.hasNext()) { } SslUtils.addIfSupported(linkedHashSet2, arrayList, SslUtils.DEFAULT_CIPHER_SUITES); SslUtils.addIfSupported(linkedHashSet2, arrayList, SslUtils.TLSV13_CIPHER_SUITES); SslUtils.useFallbackCiphersIfDefaultIsEmpty(arrayList, linkedHashSet2); List<String> unmodifiableList = Collections.unmodifiableList(arrayList); DEFAULT_CIPHERS = unmodifiableList; Set<String> unmodifiableSet2 = Collections.unmodifiableSet(linkedHashSet2); AVAILABLE_JAVA_CIPHER_SUITES = unmodifiableSet2; Set<String> set = AVAILABLE_OPENSSL_CIPHER_SUITES; LinkedHashSet linkedHashSet3 = new LinkedHashSet(set.size() + unmodifiableSet2.size()); linkedHashSet3.addAll(set); linkedHashSet3.addAll(unmodifiableSet2); AVAILABLE_CIPHER_SUITES = linkedHashSet3; SUPPORTS_KEYMANAGER_FACTORY = z11; USE_KEYMANAGER_FACTORY = z12; LinkedHashSet linkedHashSet4 = new LinkedHashSet(6); linkedHashSet4.add("SSLv2Hello"); if (doesSupportProtocol(1, SSL.SSL_OP_NO_SSLv2)) { } if (doesSupportProtocol(2, SSL.SSL_OP_NO_SSLv3)) { } if (doesSupportProtocol(4, SSL.SSL_OP_NO_TLSv1)) { } if (doesSupportProtocol(8, SSL.SSL_OP_NO_TLSv1_1)) { } if (doesSupportProtocol(16, SSL.SSL_OP_NO_TLSv1_2)) { } if (z10) { } TLSV13_SUPPORTED = false; Set<String> unmodifiableSet3 = Collections.unmodifiableSet(linkedHashSet4); SUPPORTED_PROTOCOLS_SET = unmodifiableSet3; SUPPORTS_OCSP = doesSupportOcsp(); internalLogger = logger; if (internalLogger.isDebugEnabled()) { } } catch (Throwable th8) { th2 = th8; SSL.freeSSL(newSSL); if (j11 != 0) { } if (j12 != 0) { } if (j10 != 0) { } if (j2 != 0) { } throw th2; } } catch (Throwable th9) { th3 = th9; valueOf.release(); throw th3; } } catch (Throwable th10) { th3 = th10; valueOf.release(); throw th3; } SSL.freeSSL(newSSL); if (j11 != 0) { } if (j12 != 0) { } if (j10 != 0) { } if (j2 != 0) { } SSLContext.free(make); Set<String> unmodifiableSet4 = Collections.unmodifiableSet(linkedHashSet); AVAILABLE_OPENSSL_CIPHER_SUITES = unmodifiableSet4; LinkedHashSet linkedHashSet22 = new LinkedHashSet(unmodifiableSet4.size() * 2); while (r0.hasNext()) { } SslUtils.addIfSupported(linkedHashSet22, arrayList, SslUtils.DEFAULT_CIPHER_SUITES); SslUtils.addIfSupported(linkedHashSet22, arrayList, SslUtils.TLSV13_CIPHER_SUITES); SslUtils.useFallbackCiphersIfDefaultIsEmpty(arrayList, linkedHashSet22); List<String> unmodifiableList2 = Collections.unmodifiableList(arrayList); DEFAULT_CIPHERS = unmodifiableList2; Set<String> unmodifiableSet22 = Collections.unmodifiableSet(linkedHashSet22); AVAILABLE_JAVA_CIPHER_SUITES = unmodifiableSet22; Set<String> set2 = AVAILABLE_OPENSSL_CIPHER_SUITES; LinkedHashSet linkedHashSet32 = new LinkedHashSet(set2.size() + unmodifiableSet22.size()); linkedHashSet32.addAll(set2); linkedHashSet32.addAll(unmodifiableSet22); AVAILABLE_CIPHER_SUITES = linkedHashSet32; SUPPORTS_KEYMANAGER_FACTORY = z11; USE_KEYMANAGER_FACTORY = z12; LinkedHashSet linkedHashSet42 = new LinkedHashSet(6); linkedHashSet42.add("SSLv2Hello"); if (doesSupportProtocol(1, SSL.SSL_OP_NO_SSLv2)) { } if (doesSupportProtocol(2, SSL.SSL_OP_NO_SSLv3)) { } if (doesSupportProtocol(4, SSL.SSL_OP_NO_TLSv1)) { } if (doesSupportProtocol(8, SSL.SSL_OP_NO_TLSv1_1)) { } if (doesSupportProtocol(16, SSL.SSL_OP_NO_TLSv1_2)) { } if (z10) { } TLSV13_SUPPORTED = false; Set<String> unmodifiableSet32 = Collections.unmodifiableSet(linkedHashSet42); SUPPORTED_PROTOCOLS_SET = unmodifiableSet32; SUPPORTS_OCSP = doesSupportOcsp(); internalLogger = logger; if (internalLogger.isDebugEnabled()) { } } } catch (Error unused6) { j12 = j12; z12 = false; z11 = false; logger.debug("KeyManagerFactory not supported."); valueOf.release(); SSL.freeSSL(newSSL); if (j11 != 0) { } if (j12 != 0) { } if (j10 != 0) { } if (j2 != 0) { } SSLContext.free(make); Set<String> unmodifiableSet42 = Collections.unmodifiableSet(linkedHashSet); AVAILABLE_OPENSSL_CIPHER_SUITES = unmodifiableSet42; LinkedHashSet linkedHashSet222 = new LinkedHashSet(unmodifiableSet42.size() * 2); while (r0.hasNext()) { } SslUtils.addIfSupported(linkedHashSet222, arrayList, SslUtils.DEFAULT_CIPHER_SUITES); SslUtils.addIfSupported(linkedHashSet222, arrayList, SslUtils.TLSV13_CIPHER_SUITES); SslUtils.useFallbackCiphersIfDefaultIsEmpty(arrayList, linkedHashSet222); List<String> unmodifiableList22 = Collections.unmodifiableList(arrayList); DEFAULT_CIPHERS = unmodifiableList22; Set<String> unmodifiableSet222 = Collections.unmodifiableSet(linkedHashSet222); AVAILABLE_JAVA_CIPHER_SUITES = unmodifiableSet222; Set<String> set22 = AVAILABLE_OPENSSL_CIPHER_SUITES; LinkedHashSet linkedHashSet322 = new LinkedHashSet(set22.size() + unmodifiableSet222.size()); linkedHashSet322.addAll(set22); linkedHashSet322.addAll(unmodifiableSet222); AVAILABLE_CIPHER_SUITES = linkedHashSet322; SUPPORTS_KEYMANAGER_FACTORY = z11; USE_KEYMANAGER_FACTORY = z12; LinkedHashSet linkedHashSet422 = new LinkedHashSet(6); linkedHashSet422.add("SSLv2Hello"); if (doesSupportProtocol(1, SSL.SSL_OP_NO_SSLv2)) { } if (doesSupportProtocol(2, SSL.SSL_OP_NO_SSLv3)) { } if (doesSupportProtocol(4, SSL.SSL_OP_NO_TLSv1)) { } if (doesSupportProtocol(8, SSL.SSL_OP_NO_TLSv1_1)) { } if (doesSupportProtocol(16, SSL.SSL_OP_NO_TLSv1_2)) { } if (z10) { } TLSV13_SUPPORTED = false; Set<String> unmodifiableSet322 = Collections.unmodifiableSet(linkedHashSet422); SUPPORTED_PROTOCOLS_SET = unmodifiableSet322; SUPPORTS_OCSP = doesSupportOcsp(); internalLogger = logger; if (internalLogger.isDebugEnabled()) { } } catch (Throwable th11) { th3 = th11; valueOf.release(); throw th3; } } catch (Error unused7) { j2 = 0; z12 = false; z11 = false; logger.debug("KeyManagerFactory not supported."); valueOf.release(); SSL.freeSSL(newSSL); if (j11 != 0) { } if (j12 != 0) { } if (j10 != 0) { } if (j2 != 0) { } SSLContext.free(make); Set<String> unmodifiableSet422 = Collections.unmodifiableSet(linkedHashSet); AVAILABLE_OPENSSL_CIPHER_SUITES = unmodifiableSet422; LinkedHashSet linkedHashSet2222 = new LinkedHashSet(unmodifiableSet422.size() * 2); while (r0.hasNext()) { } SslUtils.addIfSupported(linkedHashSet2222, arrayList, SslUtils.DEFAULT_CIPHER_SUITES); SslUtils.addIfSupported(linkedHashSet2222, arrayList, SslUtils.TLSV13_CIPHER_SUITES); SslUtils.useFallbackCiphersIfDefaultIsEmpty(arrayList, linkedHashSet2222); List<String> unmodifiableList222 = Collections.unmodifiableList(arrayList); DEFAULT_CIPHERS = unmodifiableList222; Set<String> unmodifiableSet2222 = Collections.unmodifiableSet(linkedHashSet2222); AVAILABLE_JAVA_CIPHER_SUITES = unmodifiableSet2222; Set<String> set222 = AVAILABLE_OPENSSL_CIPHER_SUITES; LinkedHashSet linkedHashSet3222 = new LinkedHashSet(set222.size() + unmodifiableSet2222.size()); linkedHashSet3222.addAll(set222); linkedHashSet3222.addAll(unmodifiableSet2222); AVAILABLE_CIPHER_SUITES = linkedHashSet3222; SUPPORTS_KEYMANAGER_FACTORY = z11; USE_KEYMANAGER_FACTORY = z12; LinkedHashSet linkedHashSet4222 = new LinkedHashSet(6); linkedHashSet4222.add("SSLv2Hello"); if (doesSupportProtocol(1, SSL.SSL_OP_NO_SSLv2)) { } if (doesSupportProtocol(2, SSL.SSL_OP_NO_SSLv3)) { } if (doesSupportProtocol(4, SSL.SSL_OP_NO_TLSv1)) { } if (doesSupportProtocol(8, SSL.SSL_OP_NO_TLSv1_1)) { } if (doesSupportProtocol(16, SSL.SSL_OP_NO_TLSv1_2)) { } if (z10) { } TLSV13_SUPPORTED = false; Set<String> unmodifiableSet3222 = Collections.unmodifiableSet(linkedHashSet4222); SUPPORTED_PROTOCOLS_SET = unmodifiableSet3222; SUPPORTS_OCSP = doesSupportOcsp(); internalLogger = logger; if (internalLogger.isDebugEnabled()) { } } catch (Throwable th12) { th3 = th12; valueOf.release(); throw th3; } try { valueOf.release(); j12 = j12; z11 = true; } catch (Throwable th13) { th2 = th13; j12 = j12; SSL.freeSSL(newSSL); if (j11 != 0) { SSL.freeBIO(j11); } if (j12 != 0) { SSL.freeBIO(j12); } if (j10 != 0) { SSL.freeX509Chain(j10); } if (j2 != 0) { SSL.freePrivateKey(j2); } throw th2; } } catch (Error unused8) { j12 = 0; j2 = 0; z12 = false; z11 = false; logger.debug("KeyManagerFactory not supported."); valueOf.release(); SSL.freeSSL(newSSL); if (j11 != 0) { } if (j12 != 0) { } if (j10 != 0) { } if (j2 != 0) { } SSLContext.free(make); Set<String> unmodifiableSet4222 = Collections.unmodifiableSet(linkedHashSet); AVAILABLE_OPENSSL_CIPHER_SUITES = unmodifiableSet4222; LinkedHashSet linkedHashSet22222 = new LinkedHashSet(unmodifiableSet4222.size() * 2); while (r0.hasNext()) { } SslUtils.addIfSupported(linkedHashSet22222, arrayList, SslUtils.DEFAULT_CIPHER_SUITES); SslUtils.addIfSupported(linkedHashSet22222, arrayList, SslUtils.TLSV13_CIPHER_SUITES); SslUtils.useFallbackCiphersIfDefaultIsEmpty(arrayList, linkedHashSet22222); List<String> unmodifiableList2222 = Collections.unmodifiableList(arrayList); DEFAULT_CIPHERS = unmodifiableList2222; Set<String> unmodifiableSet22222 = Collections.unmodifiableSet(linkedHashSet22222); AVAILABLE_JAVA_CIPHER_SUITES = unmodifiableSet22222; Set<String> set2222 = AVAILABLE_OPENSSL_CIPHER_SUITES; LinkedHashSet linkedHashSet32222 = new LinkedHashSet(set2222.size() + unmodifiableSet22222.size()); linkedHashSet32222.addAll(set2222); linkedHashSet32222.addAll(unmodifiableSet22222); AVAILABLE_CIPHER_SUITES = linkedHashSet32222; SUPPORTS_KEYMANAGER_FACTORY = z11; USE_KEYMANAGER_FACTORY = z12; LinkedHashSet linkedHashSet42222 = new LinkedHashSet(6); linkedHashSet42222.add("SSLv2Hello"); if (doesSupportProtocol(1, SSL.SSL_OP_NO_SSLv2)) { } if (doesSupportProtocol(2, SSL.SSL_OP_NO_SSLv3)) { } if (doesSupportProtocol(4, SSL.SSL_OP_NO_TLSv1)) { } if (doesSupportProtocol(8, SSL.SSL_OP_NO_TLSv1_1)) { } if (doesSupportProtocol(16, SSL.SSL_OP_NO_TLSv1_2)) { } if (z10) { } TLSV13_SUPPORTED = false; Set<String> unmodifiableSet32222 = Collections.unmodifiableSet(linkedHashSet42222); SUPPORTED_PROTOCOLS_SET = unmodifiableSet32222; SUPPORTS_OCSP = doesSupportOcsp(); internalLogger = logger; if (internalLogger.isDebugEnabled()) { } } catch (Throwable th14) { th3 = th14; valueOf.release(); throw th3; } } catch (Error unused9) { j12 = 0; j10 = 0; j2 = j10; z12 = false; z11 = false; logger.debug("KeyManagerFactory not supported."); valueOf.release(); SSL.freeSSL(newSSL); if (j11 != 0) { } if (j12 != 0) { } if (j10 != 0) { } if (j2 != 0) { } SSLContext.free(make); Set<String> unmodifiableSet42222 = Collections.unmodifiableSet(linkedHashSet); AVAILABLE_OPENSSL_CIPHER_SUITES = unmodifiableSet42222; LinkedHashSet linkedHashSet222222 = new LinkedHashSet(unmodifiableSet42222.size() * 2); while (r0.hasNext()) { } SslUtils.addIfSupported(linkedHashSet222222, arrayList, SslUtils.DEFAULT_CIPHER_SUITES); SslUtils.addIfSupported(linkedHashSet222222, arrayList, SslUtils.TLSV13_CIPHER_SUITES); SslUtils.useFallbackCiphersIfDefaultIsEmpty(arrayList, linkedHashSet222222); List<String> unmodifiableList22222 = Collections.unmodifiableList(arrayList); DEFAULT_CIPHERS = unmodifiableList22222; Set<String> unmodifiableSet222222 = Collections.unmodifiableSet(linkedHashSet222222); AVAILABLE_JAVA_CIPHER_SUITES = unmodifiableSet222222; Set<String> set22222 = AVAILABLE_OPENSSL_CIPHER_SUITES; LinkedHashSet linkedHashSet322222 = new LinkedHashSet(set22222.size() + unmodifiableSet222222.size()); linkedHashSet322222.addAll(set22222); linkedHashSet322222.addAll(unmodifiableSet222222); AVAILABLE_CIPHER_SUITES = linkedHashSet322222; SUPPORTS_KEYMANAGER_FACTORY = z11; USE_KEYMANAGER_FACTORY = z12; LinkedHashSet linkedHashSet422222 = new LinkedHashSet(6); linkedHashSet422222.add("SSLv2Hello"); if (doesSupportProtocol(1, SSL.SSL_OP_NO_SSLv2)) { } if (doesSupportProtocol(2, SSL.SSL_OP_NO_SSLv3)) { } if (doesSupportProtocol(4, SSL.SSL_OP_NO_TLSv1)) { } if (doesSupportProtocol(8, SSL.SSL_OP_NO_TLSv1_1)) { } if (doesSupportProtocol(16, SSL.SSL_OP_NO_TLSv1_2)) { } if (z10) { } TLSV13_SUPPORTED = false; Set<String> unmodifiableSet322222 = Collections.unmodifiableSet(linkedHashSet422222); SUPPORTED_PROTOCOLS_SET = unmodifiableSet322222; SUPPORTS_OCSP = doesSupportOcsp(); internalLogger = logger; if (internalLogger.isDebugEnabled()) { } } catch (Throwable th15) { th3 = th15; j13 = 0; valueOf.release(); throw th3; } } catch (Error unused10) { j12 = 0; j11 = 0; j10 = 0; j2 = j10; z12 = false; z11 = false; logger.debug("KeyManagerFactory not supported."); valueOf.release(); SSL.freeSSL(newSSL); if (j11 != 0) { } if (j12 != 0) { } if (j10 != 0) { } if (j2 != 0) { } SSLContext.free(make); Set<String> unmodifiableSet422222 = Collections.unmodifiableSet(linkedHashSet); AVAILABLE_OPENSSL_CIPHER_SUITES = unmodifiableSet422222; LinkedHashSet linkedHashSet2222222 = new LinkedHashSet(unmodifiableSet422222.size() * 2); while (r0.hasNext()) { } SslUtils.addIfSupported(linkedHashSet2222222, arrayList, SslUtils.DEFAULT_CIPHER_SUITES); SslUtils.addIfSupported(linkedHashSet2222222, arrayList, SslUtils.TLSV13_CIPHER_SUITES); SslUtils.useFallbackCiphersIfDefaultIsEmpty(arrayList, linkedHashSet2222222); List<String> unmodifiableList222222 = Collections.unmodifiableList(arrayList); DEFAULT_CIPHERS = unmodifiableList222222; Set<String> unmodifiableSet2222222 = Collections.unmodifiableSet(linkedHashSet2222222); AVAILABLE_JAVA_CIPHER_SUITES = unmodifiableSet2222222; Set<String> set222222 = AVAILABLE_OPENSSL_CIPHER_SUITES; LinkedHashSet linkedHashSet3222222 = new LinkedHashSet(set222222.size() + unmodifiableSet2222222.size()); linkedHashSet3222222.addAll(set222222); linkedHashSet3222222.addAll(unmodifiableSet2222222); AVAILABLE_CIPHER_SUITES = linkedHashSet3222222; SUPPORTS_KEYMANAGER_FACTORY = z11; USE_KEYMANAGER_FACTORY = z12; LinkedHashSet linkedHashSet4222222 = new LinkedHashSet(6); linkedHashSet4222222.add("SSLv2Hello"); if (doesSupportProtocol(1, SSL.SSL_OP_NO_SSLv2)) { } if (doesSupportProtocol(2, SSL.SSL_OP_NO_SSLv3)) { } if (doesSupportProtocol(4, SSL.SSL_OP_NO_TLSv1)) { } if (doesSupportProtocol(8, SSL.SSL_OP_NO_TLSv1_1)) { } if (doesSupportProtocol(16, SSL.SSL_OP_NO_TLSv1_2)) { } if (z10) { } TLSV13_SUPPORTED = false; Set<String> unmodifiableSet3222222 = Collections.unmodifiableSet(linkedHashSet4222222); SUPPORTED_PROTOCOLS_SET = unmodifiableSet3222222; SUPPORTS_OCSP = doesSupportOcsp(); internalLogger = logger; if (internalLogger.isDebugEnabled()) { } } catch (Throwable th16) { th3 = th16; j13 = 0; valueOf.release(); throw th3; } try { SSL.freeSSL(newSSL); if (j11 != 0) { SSL.freeBIO(j11); } if (j12 != 0) { SSL.freeBIO(j12); } if (j10 != 0) { SSL.freeX509Chain(j10); } if (j2 != 0) { SSL.freePrivateKey(j2); } try { SSLContext.free(make); } catch (Exception e13) { e11 = e13; } Set<String> unmodifiableSet4222222 = Collections.unmodifiableSet(linkedHashSet); AVAILABLE_OPENSSL_CIPHER_SUITES = unmodifiableSet4222222; LinkedHashSet linkedHashSet22222222 = new LinkedHashSet(unmodifiableSet4222222.size() * 2); for (String str4 : unmodifiableSet4222222) { if (!SslUtils.isTLSv13Cipher(str4)) { linkedHashSet22222222.add(CipherSuiteConverter.toJava(str4, "TLS")); linkedHashSet22222222.add(CipherSuiteConverter.toJava(str4, "SSL")); } else { linkedHashSet22222222.add(str4); } } SslUtils.addIfSupported(linkedHashSet22222222, arrayList, SslUtils.DEFAULT_CIPHER_SUITES); SslUtils.addIfSupported(linkedHashSet22222222, arrayList, SslUtils.TLSV13_CIPHER_SUITES); SslUtils.useFallbackCiphersIfDefaultIsEmpty(arrayList, linkedHashSet22222222); List<String> unmodifiableList2222222 = Collections.unmodifiableList(arrayList); DEFAULT_CIPHERS = unmodifiableList2222222; Set<String> unmodifiableSet22222222 = Collections.unmodifiableSet(linkedHashSet22222222); AVAILABLE_JAVA_CIPHER_SUITES = unmodifiableSet22222222; Set<String> set2222222 = AVAILABLE_OPENSSL_CIPHER_SUITES; LinkedHashSet linkedHashSet32222222 = new LinkedHashSet(set2222222.size() + unmodifiableSet22222222.size()); linkedHashSet32222222.addAll(set2222222); linkedHashSet32222222.addAll(unmodifiableSet22222222); AVAILABLE_CIPHER_SUITES = linkedHashSet32222222; SUPPORTS_KEYMANAGER_FACTORY = z11; USE_KEYMANAGER_FACTORY = z12; LinkedHashSet linkedHashSet42222222 = new LinkedHashSet(6); linkedHashSet42222222.add("SSLv2Hello"); if (doesSupportProtocol(1, SSL.SSL_OP_NO_SSLv2)) { linkedHashSet42222222.add("SSLv2"); } if (doesSupportProtocol(2, SSL.SSL_OP_NO_SSLv3)) { linkedHashSet42222222.add("SSLv3"); } if (doesSupportProtocol(4, SSL.SSL_OP_NO_TLSv1)) { linkedHashSet42222222.add("TLSv1"); } if (doesSupportProtocol(8, SSL.SSL_OP_NO_TLSv1_1)) { linkedHashSet42222222.add("TLSv1.1"); } if (doesSupportProtocol(16, SSL.SSL_OP_NO_TLSv1_2)) { linkedHashSet42222222.add("TLSv1.2"); } if (z10 || !doesSupportProtocol(32, SSL.SSL_OP_NO_TLSv1_3)) { TLSV13_SUPPORTED = false; } else { linkedHashSet42222222.add("TLSv1.3"); TLSV13_SUPPORTED = true; } Set<String> unmodifiableSet32222222 = Collections.unmodifiableSet(linkedHashSet42222222); SUPPORTED_PROTOCOLS_SET = unmodifiableSet32222222; SUPPORTS_OCSP = doesSupportOcsp(); internalLogger = logger; if (internalLogger.isDebugEnabled()) { internalLogger.debug("Supported protocols (OpenSSL): {} ", unmodifiableSet32222222); internalLogger.debug("Default cipher suites (OpenSSL): {}", unmodifiableList2222222); } } catch (Throwable th17) { th = th17; SSLContext.free(make); throw th; } } catch (Throwable th18) { th2 = th18; j12 = 0; j11 = 0; j10 = 0; j2 = 0; SSL.freeSSL(newSSL); if (j11 != 0) { } if (j12 != 0) { } if (j10 != 0) { } if (j2 != 0) { } throw th2; } } catch (Throwable th19) { th = th19; SSLContext.free(make); throw th; } } catch (Exception e14) { e11 = e14; z12 = false; z11 = false; z10 = false; logger.warn("Failed to get the list of available OpenSSL cipher suites.", (Throwable) e11); Set<String> unmodifiableSet42222222 = Collections.unmodifiableSet(linkedHashSet); AVAILABLE_OPENSSL_CIPHER_SUITES = unmodifiableSet42222222; LinkedHashSet linkedHashSet222222222 = new LinkedHashSet(unmodifiableSet42222222.size() * 2); while (r0.hasNext()) { } SslUtils.addIfSupported(linkedHashSet222222222, arrayList, SslUtils.DEFAULT_CIPHER_SUITES); SslUtils.addIfSupported(linkedHashSet222222222, arrayList, SslUtils.TLSV13_CIPHER_SUITES); SslUtils.useFallbackCiphersIfDefaultIsEmpty(arrayList, linkedHashSet222222222); List<String> unmodifiableList22222222 = Collections.unmodifiableList(arrayList); DEFAULT_CIPHERS = unmodifiableList22222222; Set<String> unmodifiableSet222222222 = Collections.unmodifiableSet(linkedHashSet222222222); AVAILABLE_JAVA_CIPHER_SUITES = unmodifiableSet222222222; Set<String> set22222222 = AVAILABLE_OPENSSL_CIPHER_SUITES; LinkedHashSet linkedHashSet322222222 = new LinkedHashSet(set22222222.size() + unmodifiableSet222222222.size()); linkedHashSet322222222.addAll(set22222222); linkedHashSet322222222.addAll(unmodifiableSet222222222); AVAILABLE_CIPHER_SUITES = linkedHashSet322222222; SUPPORTS_KEYMANAGER_FACTORY = z11; USE_KEYMANAGER_FACTORY = z12; LinkedHashSet linkedHashSet422222222 = new LinkedHashSet(6); linkedHashSet422222222.add("SSLv2Hello"); if (doesSupportProtocol(1, SSL.SSL_OP_NO_SSLv2)) { } if (doesSupportProtocol(2, SSL.SSL_OP_NO_SSLv3)) { } if (doesSupportProtocol(4, SSL.SSL_OP_NO_TLSv1)) { } if (doesSupportProtocol(8, SSL.SSL_OP_NO_TLSv1_1)) { } if (doesSupportProtocol(16, SSL.SSL_OP_NO_TLSv1_2)) { } if (z10) { } TLSV13_SUPPORTED = false; Set<String> unmodifiableSet322222222 = Collections.unmodifiableSet(linkedHashSet422222222); SUPPORTED_PROTOCOLS_SET = unmodifiableSet322222222; SUPPORTS_OCSP = doesSupportOcsp(); internalLogger = logger; if (internalLogger.isDebugEnabled()) { } } } else { DEFAULT_CIPHERS = Collections.emptyList(); AVAILABLE_OPENSSL_CIPHER_SUITES = Collections.emptySet(); AVAILABLE_JAVA_CIPHER_SUITES = Collections.emptySet(); AVAILABLE_CIPHER_SUITES = Collections.emptySet(); SUPPORTS_KEYMANAGER_FACTORY = false; USE_KEYMANAGER_FACTORY = false; SUPPORTED_PROTOCOLS_SET = Collections.emptySet(); SUPPORTS_OCSP = false; TLSV13_SUPPORTED = false; IS_BORINGSSL = false; EXTRA_SUPPORTED_TLS_1_3_CIPHERS = EmptyArrays.EMPTY_STRINGS; } } private OpenSsl() { } @Deprecated public static Set<String> availableCipherSuites() { return availableOpenSslCipherSuites(); } public static Set<String> availableJavaCipherSuites() { return AVAILABLE_JAVA_CIPHER_SUITES; } public static Set<String> availableOpenSslCipherSuites() { return AVAILABLE_OPENSSL_CIPHER_SUITES; } /* JADX WARNING: Removed duplicated region for block: B:16:0x002b */ /* JADX WARNING: Removed duplicated region for block: B:22:0x0034 */ private static boolean doesSupportOcsp() { long j2; Throwable th; if (((long) version()) >= 268443648) { try { j2 = SSLContext.make(16, 1); try { SSLContext.enableOcsp(j2, false); if (j2 == -1) { return true; } SSLContext.free(j2); return true; } catch (Exception unused) { if (j2 != -1) { } return false; } catch (Throwable th2) { th = th2; if (j2 != -1) { } throw th; } } catch (Exception unused2) { j2 = -1; if (j2 != -1) { SSLContext.free(j2); } return false; } catch (Throwable th3) { th = th3; j2 = -1; if (j2 != -1) { SSLContext.free(j2); } throw th; } } return false; } /* JADX WARNING: Code restructure failed: missing block: B:12:0x0016, code lost: return false; */ /* JADX WARNING: Exception block dominator not found, dom blocks: [] */ private static boolean doesSupportProtocol(int i10, int i11) { if (i11 == 0) { return false; } long make = SSLContext.make(i10, 2); if (make != -1) { SSLContext.free(make); } return true; } public static void ensureAvailability() { Throwable th = UNAVAILABILITY_CAUSE; if (th != null) { throw ((Error) new UnsatisfiedLinkError("failed to load the required native library").initCause(th)); } } private static boolean initializeTcNative(String str) throws Exception { return Library.initialize("provided", str); } @Deprecated public static boolean isAlpnSupported() { return ((long) version()) >= 268443648; } public static boolean isAvailable() { return UNAVAILABILITY_CAUSE == null; } static boolean isBoringSSL() { return IS_BORINGSSL; } public static boolean isCipherSuiteAvailable(String str) { String openSsl = CipherSuiteConverter.toOpenSsl(str, IS_BORINGSSL); if (openSsl != null) { str = openSsl; } return AVAILABLE_OPENSSL_CIPHER_SUITES.contains(str); } public static boolean isOcspSupported() { return SUPPORTS_OCSP; } static boolean isSessionCacheSupported() { return ((long) version()) >= 269484032; } static boolean isTlsv13Supported() { return TLSV13_SUPPORTED; } private static void loadTcNative() throws Exception { String normalizedOs = PlatformDependent.normalizedOs(); String normalizedArch = PlatformDependent.normalizedArch(); LinkedHashSet linkedHashSet = new LinkedHashSet(5); if ("linux".equals(normalizedOs)) { Iterator<String> it = PlatformDependent.normalizedLinuxClassifiers().iterator(); while (it.hasNext()) { linkedHashSet.add("netty_tcnative" + "_" + normalizedOs + '_' + normalizedArch + "_" + it.next()); } linkedHashSet.add("netty_tcnative" + "_" + normalizedOs + '_' + normalizedArch); linkedHashSet.add("netty_tcnative" + "_" + normalizedOs + '_' + normalizedArch + "_fedora"); } else { linkedHashSet.add("netty_tcnative" + "_" + normalizedOs + '_' + normalizedArch); } linkedHashSet.add("netty_tcnative" + "_" + normalizedArch); linkedHashSet.add("netty_tcnative"); NativeLibraryLoader.loadFirstAvailable(PlatformDependent.getClassLoader(SSLContext.class), (String[]) linkedHashSet.toArray(new String[0])); } static long memoryAddress(ByteBuf byteBuf) { return byteBuf.hasMemoryAddress() ? byteBuf.memoryAddress() : Buffer.address(byteBuf.internalNioBuffer(0, byteBuf.readableBytes())); } static void releaseIfNeeded(ReferenceCounted referenceCounted) { if (referenceCounted.refCnt() > 0) { ReferenceCountUtil.safeRelease(referenceCounted); } } static X509Certificate selfSignedCertificate() throws CertificateException { return (X509Certificate) SslContext.X509_CERT_FACTORY.generateCertificate(new ByteArrayInputStream(CERT.getBytes(CharsetUtil.US_ASCII))); } @Deprecated public static boolean supportsHostnameValidation() { return isAvailable(); } public static boolean supportsKeyManagerFactory() { return SUPPORTS_KEYMANAGER_FACTORY; } public static Throwable unavailabilityCause() { return UNAVAILABILITY_CAUSE; } static boolean useKeyManagerFactory() { return USE_KEYMANAGER_FACTORY; } public static int version() { if (isAvailable()) { return SSL.version(); } return -1; } public static String versionString() { if (isAvailable()) { return SSL.versionString(); } return null; } }