package cn.com.cfca.mobile.provider;

import cn.com.cfca.mobile.provider.NativeCrypto;
import cn.com.cfca.mobile.provider.bk;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;
import okhttp3.internal.http2.Http2Stream;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class NativeSsl {
    final bk a;
    final NativeCrypto.SSLHandshakeCallbacks b;
    final bk.a c;
    final ReadWriteLock d = new ReentrantReadWriteLock();
    X509Certificate[] e;
    volatile long f;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public final class a {
        private volatile long b;

        private a() throws SSLException {
            this.b = NativeCrypto.SSL_BIO_new(NativeSsl.this.f, NativeSsl.this);
        }

        /* synthetic */ a(NativeSsl nativeSsl, byte b) throws SSLException {
            this();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public final int a() {
            NativeSsl.this.d.readLock().lock();
            try {
                return this.b == 0 ? 0 : NativeCrypto.SSL_pending_written_bytes_in_BIO(this.b);
            } finally {
                NativeSsl.this.d.readLock().unlock();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public final int a(long j, int i) throws IOException {
            NativeSsl.this.d.readLock().lock();
            try {
                if (NativeSsl.this.j()) {
                    throw new SSLException("Connection closed");
                }
                return NativeCrypto.ENGINE_SSL_write_BIO_direct(NativeSsl.this.f, NativeSsl.this, this.b, j, i, NativeSsl.this.b);
            } finally {
                NativeSsl.this.d.readLock().unlock();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public final int b(long j, int i) throws IOException {
            NativeSsl.this.d.readLock().lock();
            try {
                if (NativeSsl.this.j()) {
                    throw new SSLException("Connection closed");
                }
                return NativeCrypto.ENGINE_SSL_read_BIO_direct(NativeSsl.this.f, NativeSsl.this, this.b, j, i, NativeSsl.this.b);
            } finally {
                NativeSsl.this.d.readLock().unlock();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public final void b() {
            NativeSsl.this.d.writeLock().lock();
            try {
                long j = this.b;
                this.b = 0L;
                if (j != 0) {
                    NativeCrypto.BIO_free_all(j);
                }
            } finally {
                NativeSsl.this.d.writeLock().unlock();
            }
        }
    }

    private NativeSsl(long j, bk bkVar, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, bk.a aVar) {
        this.f = j;
        this.a = bkVar;
        this.b = sSLHandshakeCallbacks;
        this.c = aVar;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static NativeSsl a(bk bkVar, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, bk.a aVar) throws SSLException {
        AbstractSessionContext b = bkVar.b();
        return new NativeSsl(NativeCrypto.SSL_new(b.a, b), bkVar, sSLHandshakeCallbacks, aVar);
    }

    private void k() throws SSLException {
        X509Certificate[] acceptedIssuers;
        if (this.a.j) {
            return;
        }
        boolean z = false;
        if (this.a.k) {
            NativeCrypto.SSL_set_verify(this.f, this, 3);
        } else {
            if (!this.a.l) {
                NativeCrypto.SSL_set_verify(this.f, this, 0);
                if (z || (acceptedIssuers = this.a.c.getAcceptedIssuers()) == null || acceptedIssuers.length == 0) {
                    return;
                }
                try {
                    NativeCrypto.SSL_set_client_CA_list(this.f, this, bm.a(acceptedIssuers));
                    return;
                } catch (CertificateEncodingException e) {
                    throw new SSLException("Problem encoding principals", e);
                }
            }
            NativeCrypto.SSL_set_verify(this.f, this, 1);
        }
        z = true;
        if (z) {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final int a(long j, int i) throws IOException, CertificateException {
        this.d.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_read_direct(this.f, this, j, i, this.b);
        } finally {
            this.d.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final a a() {
        try {
            return new a(this, (byte) 0);
        } catch (SSLException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void a(String str) throws CertificateEncodingException, SSLException {
        X509KeyManager x509KeyManager;
        PrivateKey privateKey;
        if (str == null || (x509KeyManager = this.a.b) == null || (privateKey = x509KeyManager.getPrivateKey(str)) == null) {
            return;
        }
        X509Certificate[] certificateChain = x509KeyManager.getCertificateChain(str);
        this.e = certificateChain;
        if (certificateChain == null) {
            return;
        }
        int length = certificateChain.length;
        PublicKey publicKey = length > 0 ? certificateChain[0].getPublicKey() : null;
        byte[][] bArr = new byte[length];
        for (int i = 0; i < length; i++) {
            bArr[i] = this.e[i].getEncoded();
        }
        try {
            NativeCrypto.setLocalCertsAndPrivateKey(this.f, this, bArr, ap.a(privateKey, publicKey).a);
        } catch (InvalidKeyException e) {
            throw new SSLException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final int b(long j, int i) throws IOException {
        this.d.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_write_direct(this.f, this, j, i, this.b);
        } finally {
            this.d.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final long b() {
        return NativeCrypto.SSL_get_time(this.f, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void b(String str) throws CertificateEncodingException, SSLException {
        X509KeyManager x509KeyManager;
        PrivateKey privateKey;
        if (str == null || (x509KeyManager = this.a.b) == null || (privateKey = x509KeyManager.getPrivateKey(str)) == null) {
            return;
        }
        X509Certificate[] certificateChain = x509KeyManager.getCertificateChain(str);
        this.e = certificateChain;
        if (certificateChain == null) {
            return;
        }
        int length = certificateChain.length;
        PublicKey publicKey = length > 0 ? certificateChain[0].getPublicKey() : null;
        byte[][] bArr = new byte[length];
        for (int i = 0; i < length; i++) {
            bArr[i] = this.e[i].getEncoded();
        }
        try {
            NativeCrypto.setLocalEncCertsAndPrivateKey(this.f, this, bArr, ap.a(privateKey, publicKey).a);
        } catch (InvalidKeyException e) {
            throw new SSLException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String c() {
        return NativeCrypto.SSL_get_servername(this.f, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void c(String str) throws IOException {
        if (!this.a.m) {
            NativeCrypto.SSL_set_session_creation_enabled(this.f, this, false);
        }
        if (this.a.j) {
            NativeCrypto.SSL_set_connect_state(this.f, this);
        } else {
            NativeCrypto.SSL_set_accept_state(this.f, this);
        }
        if (this.a.d().length == 0 && this.a.e) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        NativeCrypto.a(this.f, this, this.a.d);
        NativeCrypto.a(this.f, this, this.a.f, this.a.d);
        if (this.a.g.length > 0) {
            NativeCrypto.setApplicationProtocols(this.f, this, this.a.j, this.a.g);
        }
        if (!this.a.j && this.a.h != null) {
            NativeCrypto.setHasApplicationProtocolSelector(this.f, this, true);
        }
        if (!this.a.j) {
            NativeCrypto.SSL_set_options(this.f, this, 4194304L);
        }
        boolean z = this.a.i;
        long j = this.f;
        if (z) {
            NativeCrypto.SSL_clear_options(j, this, Http2Stream.EMIT_BUFFER_SIZE);
        } else {
            NativeCrypto.SSL_set_options(j, this, Http2Stream.EMIT_BUFFER_SIZE | NativeCrypto.SSL_get_options(this.f, this));
        }
        if (this.a.e() && d.a(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.f, this, str);
        }
        k();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final Set<String> d() {
        HashSet hashSet = new HashSet();
        for (long j : NativeCrypto.SSL_get_ciphers(this.f, this)) {
            String a2 = bm.a(j);
            if (a2 != null) {
                hashSet.add(a2);
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final int e() throws IOException {
        this.d.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_do_handshake(this.f, this, this.b);
        } finally {
            this.d.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean f() {
        this.d.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.f, this) & 2) != 0;
        } finally {
            this.d.readLock().unlock();
        }
    }

    protected final void finalize() throws Throwable {
        try {
            i();
        } finally {
            super.finalize();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean g() {
        this.d.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.f, this) & 1) != 0;
        } finally {
            this.d.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final int h() {
        this.d.readLock().lock();
        try {
            if (!j()) {
                return NativeCrypto.SSL_pending_readable_bytes(this.f, this);
            }
            this.d.readLock().unlock();
            return 0;
        } finally {
            this.d.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void i() {
        this.d.writeLock().lock();
        try {
            if (!j()) {
                long j = this.f;
                this.f = 0L;
                NativeCrypto.SSL_free(j, this);
            }
        } finally {
            this.d.writeLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean j() {
        return this.f == 0;
    }
}
