package org.conscrypt;

import java.io.FileDescriptor;
import java.io.IOException;
import java.net.SocketException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;
import org.conscrypt.NativeCrypto;
import org.conscrypt.SSLParametersImpl;

/* loaded from: classes2.dex */
public final class NativeSsl {
    public final SSLParametersImpl a;
    public final NativeCrypto.SSLHandshakeCallbacks b;
    public final SSLParametersImpl.AliasChooser c;
    public final SSLParametersImpl.PSKCallbacks d;
    public X509Certificate[] e;

    /* renamed from: f, reason: collision with root package name */
    public final ReadWriteLock f1125f = new ReentrantReadWriteLock();
    public volatile long g;

    /* loaded from: classes2.dex */
    public final class BioWrapper {
        public volatile long a;

        public BioWrapper() throws SSLException {
            this.a = NativeCrypto.SSL_BIO_new(NativeSsl.this.g, NativeSsl.this);
        }

        public void a() {
            long j = this.a;
            this.a = 0L;
            NativeCrypto.BIO_free_all(j);
        }

        public int b() {
            if (this.a != 0) {
                return NativeCrypto.SSL_pending_written_bytes_in_BIO(this.a);
            }
            return 0;
        }

        public int c(long j, int i) throws IOException {
            return NativeCrypto.ENGINE_SSL_read_BIO_direct(NativeSsl.this.g, NativeSsl.this, this.a, j, i, NativeSsl.this.b);
        }

        public int d(long j, int i) throws IOException {
            return NativeCrypto.ENGINE_SSL_write_BIO_direct(NativeSsl.this.g, NativeSsl.this, this.a, j, i, NativeSsl.this.b);
        }
    }

    public NativeSsl(long j, SSLParametersImpl sSLParametersImpl, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, SSLParametersImpl.AliasChooser aliasChooser, SSLParametersImpl.PSKCallbacks pSKCallbacks) {
        this.g = j;
        this.a = sSLParametersImpl;
        this.b = sSLHandshakeCallbacks;
        this.c = aliasChooser;
        this.d = pSKCallbacks;
    }

    public static NativeSsl A(SSLParametersImpl sSLParametersImpl, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, SSLParametersImpl.AliasChooser aliasChooser, SSLParametersImpl.PSKCallbacks pSKCallbacks) throws SSLException {
        AbstractSessionContext v = sSLParametersImpl.v();
        return new NativeSsl(NativeCrypto.SSL_new(v.c, v), sSLParametersImpl, sSLHandshakeCallbacks, aliasChooser, pSKCallbacks);
    }

    public void B(long j) throws SSLException {
        NativeCrypto.SSL_set_session(this.g, this, j);
    }

    public int C(FileDescriptor fileDescriptor, byte[] bArr, int i, int i2, int i3) throws IOException {
        this.f1125f.readLock().lock();
        try {
            if (y() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            return NativeCrypto.SSL_read(this.g, this, fileDescriptor, this.b, bArr, i, i2, i3);
        } finally {
            this.f1125f.readLock().unlock();
        }
    }

    public int D(long j, int i) throws IOException, CertificateException {
        this.f1125f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_read_direct(this.g, this, j, i, this.b);
        } finally {
            this.f1125f.readLock().unlock();
        }
    }

    public void E(String str) throws CertificateEncodingException, SSLException {
        X509KeyManager A;
        PrivateKey privateKey;
        if (str == null || (A = this.a.A()) == null || (privateKey = A.getPrivateKey(str)) == null) {
            return;
        }
        X509Certificate[] certificateChain = A.getCertificateChain(str);
        this.e = certificateChain;
        if (certificateChain == null) {
            return;
        }
        int length = certificateChain.length;
        PublicKey publicKey = length > 0 ? certificateChain[0].getPublicKey() : null;
        byte[][] bArr = new byte[length];
        for (int i = 0; i < length; i++) {
            bArr[i] = this.e[i].getEncoded();
        }
        try {
            NativeCrypto.setLocalCertsAndPrivateKey(this.g, this, bArr, OpenSSLKey.b(privateKey, publicKey).c());
        } catch (InvalidKeyException e) {
            throw new SSLException(e);
        }
    }

    public final void F() throws SSLException {
        X509Certificate[] acceptedIssuers;
        if (x()) {
            return;
        }
        boolean z = false;
        if (this.a.s()) {
            NativeCrypto.SSL_set_verify(this.g, this, 3);
        } else {
            if (!this.a.z()) {
                NativeCrypto.SSL_set_verify(this.g, this, 0);
                if (z || (acceptedIssuers = this.a.B().getAcceptedIssuers()) == null || acceptedIssuers.length == 0) {
                    return;
                }
                try {
                    NativeCrypto.SSL_set_client_CA_list(this.g, this, SSLUtils.g(acceptedIssuers));
                    return;
                } catch (CertificateEncodingException e) {
                    throw new SSLException("Problem encoding principals", e);
                }
            }
            NativeCrypto.SSL_set_verify(this.g, this, 1);
        }
        z = true;
        if (z) {
        }
    }

    public void G(long j) {
        NativeCrypto.SSL_set_timeout(this.g, this, j);
    }

    public final void H(OpenSSLKey openSSLKey) throws SSLException {
        SSLParametersImpl sSLParametersImpl = this.a;
        if (sSLParametersImpl.v) {
            if (!sSLParametersImpl.x()) {
                NativeCrypto.SSL_enable_tls_channel_id(this.g, this);
            } else {
                if (openSSLKey == null) {
                    throw new SSLHandshakeException("Invalid TLS channel ID key specified");
                }
                NativeCrypto.SSL_set1_tls_channel_id(this.g, this, openSSLKey.c());
            }
        }
    }

    public void I() throws IOException {
        NativeCrypto.ENGINE_SSL_shutdown(this.g, this, this.b);
    }

    public void J(FileDescriptor fileDescriptor) throws IOException {
        NativeCrypto.SSL_shutdown(this.g, this, fileDescriptor, this.b);
    }

    public boolean K() {
        return (NativeCrypto.SSL_get_shutdown(this.g, this) & 2) != 0;
    }

    public boolean L() {
        return (NativeCrypto.SSL_get_shutdown(this.g, this) & 1) != 0;
    }

    public void M(FileDescriptor fileDescriptor, byte[] bArr, int i, int i2, int i3) throws IOException {
        this.f1125f.readLock().lock();
        try {
            if (y() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_write(this.g, this, fileDescriptor, this.b, bArr, i, i2, i3);
        } finally {
            this.f1125f.readLock().unlock();
        }
    }

    public int N(long j, int i) throws IOException {
        this.f1125f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_write_direct(this.g, this, j, i, this.b);
        } finally {
            this.f1125f.readLock().unlock();
        }
    }

    public void c() {
        this.f1125f.writeLock().lock();
        try {
            if (!y()) {
                long j = this.g;
                this.g = 0L;
                NativeCrypto.SSL_free(j, this);
            }
        } finally {
            this.f1125f.writeLock().unlock();
        }
    }

    public int d() throws IOException {
        this.f1125f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_do_handshake(this.g, this, this.b);
        } finally {
            this.f1125f.readLock().unlock();
        }
    }

    public void e(FileDescriptor fileDescriptor, int i) throws CertificateException, IOException {
        this.f1125f.readLock().lock();
        try {
            if (y() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_do_handshake(this.g, this, fileDescriptor, this.b, i);
        } finally {
            this.f1125f.readLock().unlock();
        }
    }

    public final void f() throws SSLException {
        PSKKeyManager u = this.a.u();
        if (u != null) {
            String[] strArr = this.a.h;
            int length = strArr.length;
            boolean z = false;
            int i = 0;
            while (true) {
                if (i < length) {
                    String str = strArr[i];
                    if (str != null && str.contains("PSK")) {
                        z = true;
                        break;
                    }
                    i++;
                } else {
                    break;
                }
            }
            if (z) {
                if (x()) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(this.g, this, true);
                    return;
                }
                NativeCrypto.set_SSL_psk_server_callback_enabled(this.g, this, true);
                NativeCrypto.SSL_use_psk_identity_hint(this.g, this, this.d.b(u));
            }
        }
    }

    public final void finalize() throws Throwable {
        try {
            c();
        } finally {
            super.finalize();
        }
    }

    public void g() throws IOException {
        this.f1125f.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_force_read(this.g, this, this.b);
        } finally {
            this.f1125f.readLock().unlock();
        }
    }

    public byte[] h() {
        return NativeCrypto.getApplicationProtocol(this.g, this);
    }

    public String i() {
        return NativeCrypto.e(NativeCrypto.SSL_get_current_cipher(this.g, this));
    }

    public int j(int i) {
        return NativeCrypto.SSL_get_error(this.g, this, i);
    }

    public X509Certificate[] k() {
        return this.e;
    }

    public int l() {
        return NativeCrypto.SSL_max_seal_overhead(this.g, this);
    }

    public byte[] m() {
        return NativeCrypto.SSL_get_ocsp_response(this.g, this);
    }

    public X509Certificate[] n() throws CertificateException {
        byte[][] SSL_get0_peer_certificates = NativeCrypto.SSL_get0_peer_certificates(this.g, this);
        if (SSL_get0_peer_certificates == null) {
            return null;
        }
        return SSLUtils.e(SSL_get0_peer_certificates);
    }

    public byte[] o() {
        return NativeCrypto.SSL_get_signed_cert_timestamp_list(this.g, this);
    }

    public int p() {
        return NativeCrypto.SSL_pending_readable_bytes(this.g, this);
    }

    public String q() {
        return NativeCrypto.SSL_get_servername(this.g, this);
    }

    public byte[] r() {
        return NativeCrypto.SSL_session_id(this.g, this);
    }

    public long s() {
        return NativeCrypto.SSL_get_time(this.g, this);
    }

    public long t() {
        return NativeCrypto.SSL_get_timeout(this.g, this);
    }

    public String u() {
        return NativeCrypto.SSL_get_version(this.g, this);
    }

    public void v(String str, OpenSSLKey openSSLKey) throws IOException {
        if (!this.a.o()) {
            NativeCrypto.SSL_set_session_creation_enabled(this.g, this, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.g, this);
        if (x()) {
            NativeCrypto.SSL_set_connect_state(this.g, this);
            NativeCrypto.SSL_enable_ocsp_stapling(this.g, this);
            if (this.a.C(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.g, this);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.g, this);
            if (this.a.t() != null) {
                NativeCrypto.SSL_enable_ocsp_stapling(this.g, this);
            }
        }
        if (this.a.q().length == 0 && this.a.g) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        NativeCrypto.k(this.g, this, this.a.f1127f);
        long j = this.g;
        SSLParametersImpl sSLParametersImpl = this.a;
        NativeCrypto.j(j, this, sSLParametersImpl.h, sSLParametersImpl.f1127f);
        if (this.a.r.length > 0) {
            NativeCrypto.setApplicationProtocols(this.g, this, x(), this.a.r);
        }
        if (!x() && this.a.s != null) {
            NativeCrypto.setApplicationProtocolSelector(this.g, this, this.a.s);
        }
        if (!x()) {
            HashSet hashSet = new HashSet();
            for (long j2 : NativeCrypto.SSL_get_ciphers(this.g, this)) {
                String k = SSLUtils.k(j2);
                if (k != null) {
                    hashSet.add(k);
                }
            }
            X509KeyManager A = this.a.A();
            if (A != null) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    try {
                        E(this.c.a(A, (String) it.next()));
                    } catch (CertificateEncodingException e) {
                        throw new IOException(e);
                    }
                }
            }
            NativeCrypto.SSL_set_options(this.g, this, 4194304L);
            if (this.a.p != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(this.g, this, this.a.p);
            }
            if (this.a.q != null) {
                NativeCrypto.SSL_set_ocsp_response(this.g, this, this.a.q);
            }
        }
        f();
        if (this.a.t) {
            NativeCrypto.SSL_clear_options(this.g, this, 16384L);
        } else {
            NativeCrypto.SSL_set_options(this.g, this, NativeCrypto.SSL_get_options(this.g, this) | 16384);
        }
        if (this.a.y() && AddressUtils.b(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.g, this, str);
        }
        NativeCrypto.SSL_set_mode(this.g, this, 256L);
        F();
        H(openSSLKey);
    }

    public void w() {
        NativeCrypto.SSL_interrupt(this.g, this);
    }

    public final boolean x() {
        return this.a.x();
    }

    public boolean y() {
        return this.g == 0;
    }

    public BioWrapper z() {
        try {
            return new BioWrapper();
        } catch (SSLException e) {
            throw new RuntimeException(e);
        }
    }
}
