package org.conscrypt;

import java.io.FileDescriptor;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.SocketException;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import org.conscrypt.NativeCrypto;
import org.conscrypt.q2;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes6.dex */
public final class NativeSsl {

    /* renamed from: a, reason: collision with root package name */
    private final q2 f80132a;

    /* renamed from: b, reason: collision with root package name */
    private final NativeCrypto.SSLHandshakeCallbacks f80133b;

    /* renamed from: c, reason: collision with root package name */
    private final q2.a f80134c;

    /* renamed from: d, reason: collision with root package name */
    private final q2.b f80135d;

    /* renamed from: e, reason: collision with root package name */
    private X509Certificate[] f80136e;

    /* renamed from: f, reason: collision with root package name */
    private final ReadWriteLock f80137f = new ReentrantReadWriteLock();

    /* renamed from: g, reason: collision with root package name */
    private volatile long f80138g;

    /* loaded from: classes6.dex */
    final class b {

        /* renamed from: a, reason: collision with root package name */
        private volatile long f80139a;

        private b() throws SSLException {
            this.f80139a = NativeCrypto.SSL_BIO_new(NativeSsl.this.f80138g, NativeSsl.this);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void a() {
            NativeSsl.this.f80137f.writeLock().lock();
            try {
                long j5 = this.f80139a;
                this.f80139a = 0L;
                if (j5 != 0) {
                    NativeCrypto.BIO_free_all(j5);
                }
            } finally {
                NativeSsl.this.f80137f.writeLock().unlock();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int b() {
            NativeSsl.this.f80137f.readLock().lock();
            try {
                return this.f80139a == 0 ? 0 : NativeCrypto.SSL_pending_written_bytes_in_BIO(this.f80139a);
            } finally {
                NativeSsl.this.f80137f.readLock().unlock();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int c(long j5, int i5) throws IOException {
            NativeSsl.this.f80137f.readLock().lock();
            try {
                if (NativeSsl.this.G()) {
                    throw new SSLException("Connection closed");
                }
                return NativeCrypto.ENGINE_SSL_read_BIO_direct(NativeSsl.this.f80138g, NativeSsl.this, this.f80139a, j5, i5, NativeSsl.this.f80133b);
            } finally {
                NativeSsl.this.f80137f.readLock().unlock();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int d(long j5, int i5) throws IOException {
            NativeSsl.this.f80137f.readLock().lock();
            try {
                if (NativeSsl.this.G()) {
                    throw new SSLException("Connection closed");
                }
                return NativeCrypto.ENGINE_SSL_write_BIO_direct(NativeSsl.this.f80138g, NativeSsl.this, this.f80139a, j5, i5, NativeSsl.this.f80133b);
            } finally {
                NativeSsl.this.f80137f.readLock().unlock();
            }
        }
    }

    private NativeSsl(long j5, q2 q2Var, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, q2.a aVar, q2.b bVar) {
        this.f80138g = j5;
        this.f80132a = q2Var;
        this.f80133b = sSLHandshakeCallbacks;
        this.f80134c = aVar;
        this.f80135d = bVar;
    }

    private boolean F() {
        return this.f80132a.A();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static NativeSsl I(q2 q2Var, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, q2.a aVar, q2.b bVar) throws SSLException {
        AbstractSessionContext y4 = q2Var.y();
        return new NativeSsl(NativeCrypto.SSL_new(y4.f80084c, y4), q2Var, sSLHandshakeCallbacks, aVar, bVar);
    }

    private void N(String str) throws CertificateEncodingException, SSLException {
        X509KeyManager D;
        PrivateKey privateKey;
        if (str == null || (D = this.f80132a.D()) == null || (privateKey = D.getPrivateKey(str)) == null) {
            return;
        }
        X509Certificate[] certificateChain = D.getCertificateChain(str);
        this.f80136e = certificateChain;
        if (certificateChain == null) {
            return;
        }
        int length = certificateChain.length;
        PublicKey publicKey = length > 0 ? certificateChain[0].getPublicKey() : null;
        byte[][] bArr = new byte[length];
        for (int i5 = 0; i5 < length; i5++) {
            bArr[i5] = this.f80136e[i5].getEncoded();
        }
        try {
            NativeCrypto.setLocalCertsAndPrivateKey(this.f80138g, this, bArr, s1.d(privateKey, publicKey).h());
        } catch (InvalidKeyException e3) {
            throw new SSLException(e3);
        }
    }

    private void O() throws SSLException {
        X509Certificate[] acceptedIssuers;
        if (F()) {
            return;
        }
        boolean z4 = false;
        if (this.f80132a.u()) {
            NativeCrypto.SSL_set_verify(this.f80138g, this, 3);
        } else {
            if (!this.f80132a.C()) {
                NativeCrypto.SSL_set_verify(this.f80138g, this, 0);
                if (z4 || (acceptedIssuers = this.f80132a.E().getAcceptedIssuers()) == null || acceptedIssuers.length == 0) {
                    return;
                }
                try {
                    NativeCrypto.SSL_set_client_CA_list(this.f80138g, this, SSLUtils.g(acceptedIssuers));
                    return;
                } catch (CertificateEncodingException e3) {
                    throw new SSLException("Problem encoding principals", e3);
                }
            }
            NativeCrypto.SSL_set_verify(this.f80138g, this, 1);
        }
        z4 = true;
        if (z4) {
        }
    }

    private void Q(s1 s1Var) throws SSLException {
        q2 q2Var = this.f80132a;
        if (q2Var.f80506x) {
            if (!q2Var.A()) {
                NativeCrypto.SSL_enable_tls_channel_id(this.f80138g, this);
            } else {
                if (s1Var == null) {
                    throw new SSLHandshakeException("Invalid TLS channel ID key specified");
                }
                NativeCrypto.SSL_set1_tls_channel_id(this.f80138g, this, s1Var.h());
            }
        }
    }

    private void T(String str) throws SSLHandshakeException {
        if (d.b(str) && !m2.c0(this.f80132a, str)) {
            throw new SSLHandshakeException("SNI match failed: " + str);
        }
    }

    private void j() throws SSLException {
        j2 w4 = this.f80132a.w();
        if (w4 != null) {
            String[] strArr = this.f80132a.f80490h;
            int length = strArr.length;
            boolean z4 = false;
            int i5 = 0;
            while (true) {
                if (i5 < length) {
                    String str = strArr[i5];
                    if (str != null && str.contains("PSK")) {
                        z4 = true;
                        break;
                    }
                    i5++;
                } else {
                    break;
                }
            }
            if (z4) {
                if (F()) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(this.f80138g, this, true);
                    return;
                }
                NativeCrypto.set_SSL_psk_server_callback_enabled(this.f80138g, this, true);
                NativeCrypto.SSL_use_psk_identity_hint(this.f80138g, this, this.f80135d.h(w4));
            }
        }
    }

    private Set<String> n() {
        HashSet hashSet = new HashSet();
        for (long j5 : NativeCrypto.SSL_get_ciphers(this.f80138g, this)) {
            String m5 = SSLUtils.m(j5);
            if (m5 != null) {
                hashSet.add(m5);
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] A() throws SSLException {
        return NativeCrypto.SSL_get_tls_channel_id(this.f80138g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] B() {
        return NativeCrypto.SSL_get_tls_unique(this.f80138g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String C() {
        return NativeCrypto.SSL_get_version(this.f80138g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void D(String str, s1 s1Var) throws IOException {
        if (!this.f80132a.q()) {
            NativeCrypto.SSL_set_session_creation_enabled(this.f80138g, this, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.f80138g, this);
        if (F()) {
            NativeCrypto.SSL_set_connect_state(this.f80138g, this);
            NativeCrypto.SSL_enable_ocsp_stapling(this.f80138g, this);
            if (this.f80132a.F(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.f80138g, this);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.f80138g, this);
            if (this.f80132a.v() != null) {
                NativeCrypto.SSL_enable_ocsp_stapling(this.f80138g, this);
            }
        }
        if (this.f80132a.s().length == 0 && this.f80132a.f80489g) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        NativeCrypto.n(this.f80138g, this, this.f80132a.f80488f);
        long j5 = this.f80138g;
        q2 q2Var = this.f80132a;
        NativeCrypto.m(j5, this, q2Var.f80490h, q2Var.f80488f);
        if (this.f80132a.f80502t.length > 0) {
            NativeCrypto.setApplicationProtocols(this.f80138g, this, F(), this.f80132a.f80502t);
        }
        if (!F() && this.f80132a.f80503u != null) {
            NativeCrypto.setHasApplicationProtocolSelector(this.f80138g, this, true);
        }
        if (!F()) {
            NativeCrypto.SSL_set_options(this.f80138g, this, 4194304L);
            if (this.f80132a.f80500r != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(this.f80138g, this, this.f80132a.f80500r);
            }
            if (this.f80132a.f80501s != null) {
                NativeCrypto.SSL_set_ocsp_response(this.f80138g, this, this.f80132a.f80501s);
            }
        }
        j();
        if (this.f80132a.f80504v) {
            NativeCrypto.SSL_clear_options(this.f80138g, this, 16384L);
        } else {
            NativeCrypto.SSL_set_options(this.f80138g, this, 16384 | NativeCrypto.SSL_get_options(this.f80138g, this));
        }
        if (this.f80132a.B() && d.b(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.f80138g, this, str);
        }
        NativeCrypto.SSL_set_mode(this.f80138g, this, 256L);
        O();
        Q(s1Var);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void E() {
        NativeCrypto.SSL_interrupt(this.f80138g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean G() {
        return this.f80138g == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public b H() {
        try {
            return new b();
        } catch (SSLException e3) {
            throw new RuntimeException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void J(long j5) throws SSLException {
        NativeCrypto.SSL_set_session(this.f80138g, this, j5);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int K(FileDescriptor fileDescriptor, byte[] bArr, int i5, int i6, int i7) throws IOException {
        this.f80137f.readLock().lock();
        try {
            if (G() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            return NativeCrypto.SSL_read(this.f80138g, this, fileDescriptor, this.f80133b, bArr, i5, i6, i7);
        } finally {
            this.f80137f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int L(long j5, int i5) throws IOException, CertificateException {
        this.f80137f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_read_direct(this.f80138g, this, j5, i5, this.f80133b);
        } finally {
            this.f80137f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int M(String str, String str2, byte[] bArr) {
        byte[] encoded;
        j2 w4 = this.f80132a.w();
        if (w4 == null || (encoded = this.f80135d.y(w4, str, str2).getEncoded()) == null || encoded.length > bArr.length) {
            return 0;
        }
        System.arraycopy(encoded, 0, bArr, 0, encoded.length);
        return encoded.length;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void P(long j5) {
        NativeCrypto.SSL_set_timeout(this.f80138g, this, j5);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void R() throws IOException {
        this.f80137f.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_shutdown(this.f80138g, this, this.f80133b);
        } finally {
            this.f80137f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void S(FileDescriptor fileDescriptor) throws IOException {
        NativeCrypto.SSL_shutdown(this.f80138g, this, fileDescriptor, this.f80133b);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean U() {
        this.f80137f.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.f80138g, this) & 2) != 0;
        } finally {
            this.f80137f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean V() {
        this.f80137f.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.f80138g, this) & 1) != 0;
        } finally {
            this.f80137f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void W(FileDescriptor fileDescriptor, byte[] bArr, int i5, int i6, int i7) throws IOException {
        this.f80137f.readLock().lock();
        try {
            if (G() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_write(this.f80138g, this, fileDescriptor, this.f80133b, bArr, i5, i6, i7);
        } finally {
            this.f80137f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int X(long j5, int i5) throws IOException {
        this.f80137f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_write_direct(this.f80138g, this, j5, i5, this.f80133b);
        } finally {
            this.f80137f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void d(byte[] bArr, int[] iArr, byte[][] bArr2) throws SSLException, CertificateEncodingException {
        X500Principal[] x500PrincipalArr;
        Set<String> n5 = SSLUtils.n(bArr, iArr);
        String[] strArr = (String[]) n5.toArray(new String[0]);
        if (bArr2 == null) {
            x500PrincipalArr = null;
        } else {
            x500PrincipalArr = new X500Principal[bArr2.length];
            for (int i5 = 0; i5 < bArr2.length; i5++) {
                x500PrincipalArr[i5] = new X500Principal(bArr2[i5]);
            }
        }
        X509KeyManager D = this.f80132a.D();
        N(D != null ? this.f80134c.i(D, x500PrincipalArr, strArr) : null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int e(String str, byte[] bArr, byte[] bArr2) {
        byte[] bytes;
        String str2;
        byte[] bArr3;
        j2 w4 = this.f80132a.w();
        if (w4 == null) {
            return 0;
        }
        String v4 = this.f80135d.v(w4, str);
        if (v4 == null) {
            bArr3 = e0.f80324b;
            str2 = "";
        } else {
            if (v4.isEmpty()) {
                bytes = e0.f80324b;
            } else {
                try {
                    bytes = v4.getBytes("UTF-8");
                } catch (UnsupportedEncodingException e3) {
                    throw new RuntimeException("UTF-8 encoding not supported", e3);
                }
            }
            byte[] bArr4 = bytes;
            str2 = v4;
            bArr3 = bArr4;
        }
        if (bArr3.length + 1 > bArr.length) {
            return 0;
        }
        if (bArr3.length > 0) {
            System.arraycopy(bArr3, 0, bArr, 0, bArr3.length);
        }
        bArr[bArr3.length] = 0;
        byte[] encoded = this.f80135d.y(w4, str, str2).getEncoded();
        if (encoded == null || encoded.length > bArr2.length) {
            return 0;
        }
        System.arraycopy(encoded, 0, bArr2, 0, encoded.length);
        return encoded.length;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void f() {
        this.f80137f.writeLock().lock();
        try {
            if (!G()) {
                long j5 = this.f80138g;
                this.f80138g = 0L;
                NativeCrypto.SSL_free(j5, this);
            }
        } finally {
            this.f80137f.writeLock().unlock();
        }
    }

    protected final void finalize() throws Throwable {
        try {
            f();
        } finally {
            super.finalize();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void g() throws IOException {
        X509KeyManager D;
        T(w());
        if (F() || (D = this.f80132a.D()) == null) {
            return;
        }
        Iterator<String> it2 = n().iterator();
        while (it2.hasNext()) {
            try {
                N(this.f80134c.b(D, it2.next()));
            } catch (CertificateEncodingException e3) {
                throw new IOException(e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int h() throws IOException {
        this.f80137f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_do_handshake(this.f80138g, this, this.f80133b);
        } finally {
            this.f80137f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void i(FileDescriptor fileDescriptor, int i5) throws CertificateException, IOException {
        this.f80137f.readLock().lock();
        try {
            if (G() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_do_handshake(this.f80138g, this, fileDescriptor, this.f80133b, i5);
        } finally {
            this.f80137f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] k(String str, byte[] bArr, int i5) throws SSLException {
        Objects.requireNonNull(str, "Label is null");
        return NativeCrypto.SSL_export_keying_material(this.f80138g, this, str.getBytes(Charset.forName(com.alipay.security.mobile.module.commonutils.crypto.a.f11573b)), bArr, i5);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void l() throws IOException {
        this.f80137f.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_force_read(this.f80138g, this, this.f80133b);
        } finally {
            this.f80137f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] m() {
        return NativeCrypto.getApplicationProtocol(this.f80138g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String o() {
        return NativeCrypto.h(NativeCrypto.SSL_get_current_cipher(this.f80138g, this));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int p(int i5) {
        return NativeCrypto.SSL_get_error(this.f80138g, this, i5);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] q() {
        return this.f80136e;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int r() {
        return NativeCrypto.SSL_max_seal_overhead(this.f80138g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] s() {
        return NativeCrypto.SSL_get_ocsp_response(this.f80138g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] t() throws CertificateException {
        byte[][] SSL_get0_peer_certificates = NativeCrypto.SSL_get0_peer_certificates(this.f80138g, this);
        if (SSL_get0_peer_certificates == null) {
            return null;
        }
        return SSLUtils.e(SSL_get0_peer_certificates);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] u() {
        return NativeCrypto.SSL_get_signed_cert_timestamp_list(this.f80138g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int v() {
        this.f80137f.readLock().lock();
        try {
            return !G() ? NativeCrypto.SSL_pending_readable_bytes(this.f80138g, this) : 0;
        } finally {
            this.f80137f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String w() {
        return NativeCrypto.SSL_get_servername(this.f80138g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] x() {
        return NativeCrypto.SSL_session_id(this.f80138g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long y() {
        return NativeCrypto.SSL_get_time(this.f80138g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long z() {
        return NativeCrypto.SSL_get_timeout(this.f80138g, this);
    }
}
