package org.conscrypt;

import java.io.FileDescriptor;
import java.io.IOException;
import java.net.SocketException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;
import org.conscrypt.Ba;
import org.conscrypt.NativeCrypto;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: NativeSsl.java */
/* loaded from: classes2.dex */
public final class Y {

    /* renamed from: a, reason: collision with root package name */
    private final Ba f23505a;

    /* renamed from: b, reason: collision with root package name */
    private final NativeCrypto.a f23506b;

    /* renamed from: c, reason: collision with root package name */
    private final Ba.a f23507c;

    /* renamed from: d, reason: collision with root package name */
    private final Ba.b f23508d;

    /* renamed from: e, reason: collision with root package name */
    private X509Certificate[] f23509e;

    /* renamed from: f, reason: collision with root package name */
    private final ReadWriteLock f23510f = new ReentrantReadWriteLock();

    /* renamed from: g, reason: collision with root package name */
    private volatile long f23511g;

    /* compiled from: NativeSsl.java */
    /* loaded from: classes2.dex */
    final class a {

        /* renamed from: a, reason: collision with root package name */
        private volatile long f23512a;

        private a() {
            this.f23512a = NativeCrypto.SSL_BIO_new(Y.this.f23511g, Y.this);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int a(long j2, int i2) {
            return NativeCrypto.ENGINE_SSL_read_BIO_direct(Y.this.f23511g, Y.this, this.f23512a, j2, i2, Y.this.f23506b);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void a() {
            long j2 = this.f23512a;
            this.f23512a = 0L;
            NativeCrypto.BIO_free_all(j2);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int b() {
            if (this.f23512a != 0) {
                return NativeCrypto.SSL_pending_written_bytes_in_BIO(this.f23512a);
            }
            return 0;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int b(long j2, int i2) {
            return NativeCrypto.ENGINE_SSL_write_BIO_direct(Y.this.f23511g, Y.this, this.f23512a, j2, i2, Y.this.f23506b);
        }
    }

    private Y(long j2, Ba ba, NativeCrypto.a aVar, Ba.a aVar2, Ba.b bVar) {
        this.f23511g = j2;
        this.f23505a = ba;
        this.f23506b = aVar;
        this.f23507c = aVar2;
        this.f23508d = bVar;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Y a(Ba ba, NativeCrypto.a aVar, Ba.a aVar2, Ba.b bVar) {
        AbstractC0939e l2 = ba.l();
        return new Y(NativeCrypto.SSL_new(l2.f23533c, l2), ba, aVar, aVar2, bVar);
    }

    private void a(ha haVar) {
        Ba ba = this.f23505a;
        if (ba.z) {
            if (!ba.n()) {
                NativeCrypto.SSL_enable_tls_channel_id(this.f23511g, this);
            } else {
                if (haVar == null) {
                    throw new SSLHandshakeException("Invalid TLS channel ID key specified");
                }
                NativeCrypto.SSL_set1_tls_channel_id(this.f23511g, this, haVar.a());
            }
        }
    }

    private void w() {
        sa k2 = this.f23505a.k();
        if (k2 != null) {
            String[] strArr = this.f23505a.f23434l;
            int length = strArr.length;
            boolean z = false;
            int i2 = 0;
            while (true) {
                if (i2 < length) {
                    String str = strArr[i2];
                    if (str != null && str.contains("PSK")) {
                        z = true;
                        break;
                    }
                    i2++;
                } else {
                    break;
                }
            }
            if (z) {
                if (x()) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(this.f23511g, this, true);
                    return;
                }
                NativeCrypto.set_SSL_psk_server_callback_enabled(this.f23511g, this, true);
                NativeCrypto.SSL_use_psk_identity_hint(this.f23511g, this, this.f23508d.a(k2));
            }
        }
    }

    private boolean x() {
        return this.f23505a.n();
    }

    private void y() {
        X509Certificate[] acceptedIssuers;
        if (x()) {
            return;
        }
        boolean z = true;
        if (this.f23505a.i()) {
            NativeCrypto.SSL_set_verify(this.f23511g, this, 3);
        } else if (this.f23505a.p()) {
            NativeCrypto.SSL_set_verify(this.f23511g, this, 1);
        } else {
            NativeCrypto.SSL_set_verify(this.f23511g, this, 0);
            z = false;
        }
        if (!z || (acceptedIssuers = this.f23505a.r().getAcceptedIssuers()) == null || acceptedIssuers.length == 0) {
            return;
        }
        try {
            NativeCrypto.SSL_set_client_CA_list(this.f23511g, this, Ca.a(acceptedIssuers));
        } catch (CertificateEncodingException e2) {
            throw new SSLException("Problem encoding principals", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int a(int i2) {
        return NativeCrypto.SSL_get_error(this.f23511g, this, i2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int a(long j2, int i2) {
        this.f23510f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_read_direct(this.f23511g, this, j2, i2, this.f23506b);
        } finally {
            this.f23510f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int a(FileDescriptor fileDescriptor, byte[] bArr, int i2, int i3, int i4) {
        this.f23510f.readLock().lock();
        try {
            if (r() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            return NativeCrypto.SSL_read(this.f23511g, this, fileDescriptor, this.f23506b, bArr, i2, i3, i4);
        } finally {
            this.f23510f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a() {
        this.f23510f.writeLock().lock();
        try {
            if (!r()) {
                long j2 = this.f23511g;
                this.f23511g = 0L;
                NativeCrypto.SSL_free(j2, this);
            }
        } finally {
            this.f23510f.writeLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(long j2) {
        NativeCrypto.SSL_set_session(this.f23511g, this, j2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(FileDescriptor fileDescriptor) {
        NativeCrypto.SSL_shutdown(this.f23511g, this, fileDescriptor, this.f23506b);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(FileDescriptor fileDescriptor, int i2) {
        this.f23510f.readLock().lock();
        try {
            if (r() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_do_handshake(this.f23511g, this, fileDescriptor, this.f23506b, i2);
        } finally {
            this.f23510f.readLock().unlock();
        }
    }

    void a(String str) {
        X509KeyManager q2;
        PrivateKey privateKey;
        if (str == null || (q2 = this.f23505a.q()) == null || (privateKey = q2.getPrivateKey(str)) == null) {
            return;
        }
        this.f23509e = q2.getCertificateChain(str);
        X509Certificate[] x509CertificateArr = this.f23509e;
        if (x509CertificateArr == null) {
            return;
        }
        int length = x509CertificateArr.length;
        PublicKey publicKey = length > 0 ? x509CertificateArr[0].getPublicKey() : null;
        byte[][] bArr = new byte[length];
        for (int i2 = 0; i2 < length; i2++) {
            bArr[i2] = this.f23509e[i2].getEncoded();
        }
        try {
            NativeCrypto.setLocalCertsAndPrivateKey(this.f23511g, this, bArr, ha.a(privateKey, publicKey).a());
        } catch (InvalidKeyException e2) {
            throw new SSLException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(String str, ha haVar) {
        if (!this.f23505a.e()) {
            NativeCrypto.SSL_set_session_creation_enabled(this.f23511g, this, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.f23511g, this);
        if (x()) {
            NativeCrypto.SSL_set_connect_state(this.f23511g, this);
            NativeCrypto.SSL_enable_ocsp_stapling(this.f23511g, this);
            if (this.f23505a.a(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.f23511g, this);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.f23511g, this);
            if (this.f23505a.j() != null) {
                NativeCrypto.SSL_enable_ocsp_stapling(this.f23511g, this);
            }
        }
        if (this.f23505a.g().length == 0 && this.f23505a.f23433k) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        NativeCrypto.b(this.f23511g, this, this.f23505a.f23432j);
        NativeCrypto.a(this.f23511g, this, this.f23505a.f23434l);
        if (this.f23505a.v.length > 0) {
            NativeCrypto.setApplicationProtocols(this.f23511g, this, x(), this.f23505a.v);
        }
        if (!x() && this.f23505a.w != null) {
            NativeCrypto.setApplicationProtocolSelector(this.f23511g, this, this.f23505a.w);
        }
        if (!x()) {
            HashSet hashSet = new HashSet();
            for (long j2 : NativeCrypto.SSL_get_ciphers(this.f23511g, this)) {
                String a2 = Ca.a(j2);
                if (a2 != null) {
                    hashSet.add(a2);
                }
            }
            X509KeyManager q2 = this.f23505a.q();
            if (q2 != null) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    try {
                        a(this.f23507c.a(q2, (String) it.next()));
                    } catch (CertificateEncodingException e2) {
                        throw new IOException(e2);
                    }
                }
            }
            NativeCrypto.SSL_set_options(this.f23511g, this, 4194304L);
            if (this.f23505a.t != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(this.f23511g, this, this.f23505a.t);
            }
            if (this.f23505a.u != null) {
                NativeCrypto.SSL_set_ocsp_response(this.f23511g, this, this.f23505a.u);
            }
        }
        w();
        if (this.f23505a.x) {
            NativeCrypto.SSL_clear_options(this.f23511g, this, 16384L);
        } else {
            NativeCrypto.SSL_set_options(this.f23511g, this, NativeCrypto.SSL_get_options(this.f23511g, this) | 16384);
        }
        if (this.f23505a.o() && C0943g.b(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.f23511g, this, str);
        }
        NativeCrypto.SSL_set_mode(this.f23511g, this, 256L);
        y();
        a(haVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int b() {
        this.f23510f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_do_handshake(this.f23511g, this, this.f23506b);
        } finally {
            this.f23510f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int b(long j2, int i2) {
        this.f23510f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_write_direct(this.f23511g, this, j2, i2, this.f23506b);
        } finally {
            this.f23510f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(long j2) {
        NativeCrypto.SSL_set_timeout(this.f23511g, this, j2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(FileDescriptor fileDescriptor, byte[] bArr, int i2, int i3, int i4) {
        this.f23510f.readLock().lock();
        try {
            if (r() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_write(this.f23511g, this, fileDescriptor, this.f23506b, bArr, i2, i3, i4);
        } finally {
            this.f23510f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void c() {
        this.f23510f.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_force_read(this.f23511g, this, this.f23506b);
        } finally {
            this.f23510f.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] d() {
        return NativeCrypto.getApplicationProtocol(this.f23511g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String e() {
        return NativeCrypto.b(NativeCrypto.SSL_get_current_cipher(this.f23511g, this));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] f() {
        return this.f23509e;
    }

    protected final void finalize() {
        try {
            a();
        } finally {
            super.finalize();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int g() {
        return NativeCrypto.SSL_max_seal_overhead(this.f23511g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] h() {
        return NativeCrypto.SSL_get_ocsp_response(this.f23511g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] i() {
        byte[][] SSL_get0_peer_certificates = NativeCrypto.SSL_get0_peer_certificates(this.f23511g, this);
        if (SSL_get0_peer_certificates == null) {
            return null;
        }
        return Ca.a(SSL_get0_peer_certificates);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] j() {
        return NativeCrypto.SSL_get_signed_cert_timestamp_list(this.f23511g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int k() {
        return NativeCrypto.SSL_pending_readable_bytes(this.f23511g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String l() {
        return NativeCrypto.SSL_get_servername(this.f23511g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] m() {
        return NativeCrypto.SSL_session_id(this.f23511g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long n() {
        return NativeCrypto.SSL_get_time(this.f23511g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long o() {
        return NativeCrypto.SSL_get_timeout(this.f23511g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String p() {
        return NativeCrypto.SSL_get_version(this.f23511g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void q() {
        NativeCrypto.SSL_interrupt(this.f23511g, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean r() {
        return this.f23511g == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public a s() {
        try {
            return new a();
        } catch (SSLException e2) {
            throw new RuntimeException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void t() {
        NativeCrypto.ENGINE_SSL_shutdown(this.f23511g, this, this.f23506b);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean u() {
        return (NativeCrypto.SSL_get_shutdown(this.f23511g, this) & 2) != 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean v() {
        return (NativeCrypto.SSL_get_shutdown(this.f23511g, this) & 1) != 0;
    }
}
