package g.a;

import com.tencent.mm.opensdk.constants.ConstantsAPI;
import g.a.z0;
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.SocketException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;
import org.conscrypt.NativeCrypto;

/* loaded from: classes.dex */
public final class f0 {

    /* renamed from: a, reason: collision with root package name */
    public final z0 f9534a;

    /* renamed from: b, reason: collision with root package name */
    public final NativeCrypto.a f9535b;

    /* renamed from: c, reason: collision with root package name */
    public final z0.a f9536c;

    /* renamed from: d, reason: collision with root package name */
    public final z0.b f9537d;

    /* renamed from: e, reason: collision with root package name */
    public X509Certificate[] f9538e;

    /* renamed from: f, reason: collision with root package name */
    public final ReadWriteLock f9539f = new ReentrantReadWriteLock();

    /* renamed from: g, reason: collision with root package name */
    public volatile long f9540g;

    /* loaded from: classes.dex */
    public final class b {

        /* renamed from: a, reason: collision with root package name */
        public volatile long f9541a;

        public b(a aVar) throws SSLException {
            this.f9541a = NativeCrypto.SSL_BIO_new(f0.this.f9540g, f0.this);
        }
    }

    public f0(long j, z0 z0Var, NativeCrypto.a aVar, z0.a aVar2, z0.b bVar) {
        this.f9540g = j;
        this.f9534a = z0Var;
        this.f9535b = aVar;
        this.f9536c = aVar2;
        this.f9537d = bVar;
    }

    public static f0 g(z0 z0Var, NativeCrypto.a aVar, z0.a aVar2, z0.b bVar) throws SSLException {
        c f2 = z0Var.f();
        return new f0(NativeCrypto.SSL_new(f2.f9498c, f2), z0Var, aVar, aVar2, bVar);
    }

    public void a() {
        this.f9539f.writeLock().lock();
        try {
            if (!f()) {
                long j = this.f9540g;
                this.f9540g = 0L;
                NativeCrypto.SSL_free(j, this);
            }
        } finally {
            this.f9539f.writeLock().unlock();
        }
    }

    public int b() throws IOException {
        this.f9539f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_do_handshake(this.f9540g, this, this.f9535b);
        } finally {
            this.f9539f.readLock().unlock();
        }
    }

    public void c(FileDescriptor fileDescriptor, int i) throws CertificateException, IOException {
        this.f9539f.readLock().lock();
        try {
            if (f() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_do_handshake(this.f9540g, this, fileDescriptor, this.f9535b, i);
        } finally {
            this.f9539f.readLock().unlock();
        }
    }

    public void d() throws IOException {
        this.f9539f.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_force_read(this.f9540g, this, this.f9535b);
        } finally {
            this.f9539f.readLock().unlock();
        }
    }

    public void e(String str, l0 l0Var) throws IOException {
        X509Certificate[] acceptedIssuers;
        boolean z;
        boolean z2 = false;
        if (!this.f9534a.l) {
            NativeCrypto.SSL_set_session_creation_enabled(this.f9540g, this, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.f9540g, this);
        boolean z3 = this.f9534a.i;
        String str2 = null;
        long j = this.f9540g;
        if (z3) {
            NativeCrypto.SSL_set_connect_state(j, this);
            NativeCrypto.SSL_enable_ocsp_stapling(this.f9540g, this);
            if (this.f9534a == null) {
                throw null;
            }
            if (str == null ? false : x0.g(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.f9540g, this);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(j, this);
            if (this.f9534a == null) {
                throw null;
            }
        }
        if (this.f9534a.e().length == 0 && this.f9534a.f9657g) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        long j2 = this.f9540g;
        String[] strArr = this.f9534a.f9656f;
        NativeCrypto.b(strArr);
        List asList = Arrays.asList(strArr);
        String str3 = null;
        int i = 0;
        while (true) {
            String[] strArr2 = NativeCrypto.l;
            if (i >= strArr2.length) {
                break;
            }
            String str4 = strArr2[i];
            if (!asList.contains(str4)) {
                if (str2 != null) {
                    break;
                }
            } else {
                if (str2 == null) {
                    str2 = str4;
                }
                str3 = str4;
            }
            i++;
        }
        if (str2 == null || str3 == null) {
            throw new IllegalArgumentException("No protocols enabled.");
        }
        NativeCrypto.SSL_set_protocol_versions(j2, this, NativeCrypto.d(str2), NativeCrypto.d(str3));
        long j3 = this.f9540g;
        String[] strArr3 = this.f9534a.f9658h;
        NativeCrypto.a(strArr3);
        ArrayList arrayList = new ArrayList();
        for (String str5 : strArr3) {
            if (!str5.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
                if (str5.equals("TLS_FALLBACK_SCSV")) {
                    NativeCrypto.SSL_set_mode(j3, this, ConstantsAPI.AppSupportContentFlag.MMAPP_SUPPORT_XLS);
                } else {
                    if ("SSL_RSA_WITH_3DES_EDE_CBC_SHA".equals(str5)) {
                        str5 = "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
                    }
                    arrayList.add(str5);
                }
            }
        }
        NativeCrypto.SSL_set_cipher_lists(j3, this, (String[]) arrayList.toArray(new String[arrayList.size()]));
        if (this.f9534a.q.length > 0) {
            long j4 = this.f9540g;
            z0 z0Var = this.f9534a;
            NativeCrypto.setApplicationProtocols(j4, this, z0Var.i, z0Var.q);
        }
        z0 z0Var2 = this.f9534a;
        if (!z0Var2.i && z0Var2.r != null) {
            NativeCrypto.setApplicationProtocolSelector(this.f9540g, this, this.f9534a.r);
        }
        if (!this.f9534a.i) {
            HashSet hashSet = new HashSet();
            for (long j5 : NativeCrypto.SSL_get_ciphers(this.f9540g, this)) {
                String h2 = a1.h(j5);
                if (h2 != null) {
                    hashSet.add(h2);
                }
            }
            X509KeyManager x509KeyManager = this.f9534a.f9653c;
            if (x509KeyManager != null) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    try {
                        i(this.f9536c.n(x509KeyManager, (String) it.next()));
                    } catch (CertificateEncodingException e2) {
                        throw new IOException(e2);
                    }
                }
            }
            NativeCrypto.SSL_set_options(this.f9540g, this, 4194304L);
            if (this.f9534a.o != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(this.f9540g, this, this.f9534a.o);
            }
            if (this.f9534a.p != null) {
                NativeCrypto.SSL_set_ocsp_response(this.f9540g, this, this.f9534a.p);
            }
        }
        z0 z0Var3 = this.f9534a;
        u0 u0Var = z0Var3.f9654d;
        if (u0Var != null) {
            String[] strArr4 = z0Var3.f9658h;
            int length = strArr4.length;
            int i2 = 0;
            while (true) {
                if (i2 >= length) {
                    z = false;
                    break;
                }
                String str6 = strArr4[i2];
                if (str6 != null && str6.contains("PSK")) {
                    z = true;
                    break;
                }
                i2++;
            }
            if (z) {
                if (this.f9534a.i) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(this.f9540g, this, true);
                } else {
                    NativeCrypto.set_SSL_psk_server_callback_enabled(this.f9540g, this, true);
                    NativeCrypto.SSL_use_psk_identity_hint(this.f9540g, this, this.f9537d.f(u0Var));
                }
            }
        }
        boolean z4 = this.f9534a.s;
        long j6 = this.f9540g;
        if (z4) {
            NativeCrypto.SSL_clear_options(j6, this, 16384L);
        } else {
            NativeCrypto.SSL_set_options(j6, this, 16384 | NativeCrypto.SSL_get_options(this.f9540g, this));
        }
        if (this.f9534a.g() && c.c.o.o.e.Q(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.f9540g, this, str);
        }
        NativeCrypto.SSL_set_mode(this.f9540g, this, 256L);
        z0 z0Var4 = this.f9534a;
        if (!z0Var4.i) {
            if (z0Var4.j) {
                NativeCrypto.SSL_set_verify(this.f9540g, this, 3);
            } else if (z0Var4.k) {
                NativeCrypto.SSL_set_verify(this.f9540g, this, 1);
            } else {
                NativeCrypto.SSL_set_verify(this.f9540g, this, 0);
                if (z2 && (acceptedIssuers = this.f9534a.f9655e.getAcceptedIssuers()) != null && acceptedIssuers.length != 0) {
                    try {
                        NativeCrypto.SSL_set_client_CA_list(this.f9540g, this, a1.e(acceptedIssuers));
                    } catch (CertificateEncodingException e3) {
                        throw new SSLException("Problem encoding principals", e3);
                    }
                }
            }
            z2 = true;
            if (z2) {
                NativeCrypto.SSL_set_client_CA_list(this.f9540g, this, a1.e(acceptedIssuers));
            }
        }
        z0 z0Var5 = this.f9534a;
        if (z0Var5.u) {
            if (z0Var5.i) {
                throw new SSLHandshakeException("Invalid TLS channel ID key specified");
            }
            NativeCrypto.SSL_enable_tls_channel_id(this.f9540g, this);
        }
    }

    public boolean f() {
        return this.f9540g == 0;
    }

    public final void finalize() throws Throwable {
        try {
            a();
        } finally {
            super.finalize();
        }
    }

    public int h(FileDescriptor fileDescriptor, byte[] bArr, int i, int i2, int i3) throws IOException {
        this.f9539f.readLock().lock();
        try {
            if (f() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            return NativeCrypto.SSL_read(this.f9540g, this, fileDescriptor, this.f9535b, bArr, i, i2, i3);
        } finally {
            this.f9539f.readLock().unlock();
        }
    }

    public void i(String str) throws CertificateEncodingException, SSLException {
        X509KeyManager x509KeyManager;
        PrivateKey privateKey;
        if (str == null || (x509KeyManager = this.f9534a.f9653c) == null || (privateKey = x509KeyManager.getPrivateKey(str)) == null) {
            return;
        }
        X509Certificate[] certificateChain = x509KeyManager.getCertificateChain(str);
        this.f9538e = certificateChain;
        if (certificateChain == null) {
            return;
        }
        int length = certificateChain.length;
        PublicKey publicKey = length > 0 ? certificateChain[0].getPublicKey() : null;
        byte[][] bArr = new byte[length];
        for (int i = 0; i < length; i++) {
            bArr[i] = this.f9538e[i].getEncoded();
        }
        try {
            NativeCrypto.setLocalCertsAndPrivateKey(this.f9540g, this, bArr, l0.a(privateKey, publicKey).f9592a);
        } catch (InvalidKeyException e2) {
            throw new SSLException(e2);
        }
    }

    public void j(FileDescriptor fileDescriptor, byte[] bArr, int i, int i2, int i3) throws IOException {
        this.f9539f.readLock().lock();
        try {
            if (f() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_write(this.f9540g, this, fileDescriptor, this.f9535b, bArr, i, i2, i3);
        } finally {
            this.f9539f.readLock().unlock();
        }
    }
}
