package org.conscrypt;

import android.support.v4.media.session.PlaybackStateCompat;
import java.io.FileDescriptor;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.SocketException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import org.conscrypt.NativeCrypto;
import org.conscrypt.cq;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: NativeSsl.java */
/* loaded from: classes4.dex */
public final class aw {
    private X509Certificate[] cTi;
    private final NativeCrypto.a cWA;
    private final cq.a cWB;
    private final cq.b cWC;
    private volatile long cWD;
    private final cq cWz;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: NativeSsl.java */
    /* loaded from: classes4.dex */
    public final class a {
        private long cWE;

        private a() throws SSLException {
            this.cWE = NativeCrypto.SSL_BIO_new(aw.this.cWD);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int B(long j2, int i2) throws IOException {
            return NativeCrypto.ENGINE_SSL_read_BIO_direct(aw.this.cWD, this.cWE, j2, i2, aw.this.cWA);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int C(long j2, int i2) throws IOException {
            return NativeCrypto.ENGINE_SSL_write_BIO_direct(aw.this.cWD, this.cWE, j2, i2, aw.this.cWA);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int atJ() {
            return NativeCrypto.SSL_pending_written_bytes_in_BIO(this.cWE);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void close() {
            NativeCrypto.BIO_free_all(this.cWE);
            this.cWE = 0L;
        }
    }

    private aw(long j2, cq cqVar, NativeCrypto.a aVar, cq.a aVar2, cq.b bVar) {
        this.cWD = j2;
        this.cWz = cqVar;
        this.cWA = aVar;
        this.cWB = aVar2;
        this.cWC = bVar;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static aw a(cq cqVar, NativeCrypto.a aVar, cq.a aVar2, cq.b bVar) throws SSLException {
        return new aw(NativeCrypto.SSL_new(cqVar.auE().cSV), cqVar, aVar, aVar2, bVar);
    }

    private void a(bn bnVar) throws SSLException {
        if (this.cWz.cUt) {
            if (!this.cWz.getUseClientMode()) {
                NativeCrypto.SSL_enable_tls_channel_id(this.cWD);
            } else {
                if (bnVar == null) {
                    throw new SSLHandshakeException("Invalid TLS channel ID key specified");
                }
                NativeCrypto.SSL_set1_tls_channel_id(this.cWD, bnVar.aul());
            }
        }
    }

    private void atC() throws SSLException {
        cj auH = this.cWz.auH();
        if (auH != null) {
            String[] strArr = this.cWz.cZs;
            int length = strArr.length;
            boolean z2 = false;
            int i2 = 0;
            while (true) {
                if (i2 < length) {
                    String str = strArr[i2];
                    if (str != null && str.contains("PSK")) {
                        z2 = true;
                        break;
                    }
                    i2++;
                } else {
                    break;
                }
            }
            if (z2) {
                if (atI()) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(this.cWD, true);
                    return;
                }
                NativeCrypto.set_SSL_psk_server_callback_enabled(this.cWD, true);
                NativeCrypto.SSL_use_psk_identity_hint(this.cWD, this.cWC.a(auH));
            }
        }
    }

    private boolean atI() {
        return this.cWz.getUseClientMode();
    }

    private void dy(long j2) throws SSLException {
        X509Certificate[] acceptedIssuers;
        if (atI()) {
            return;
        }
        boolean z2 = true;
        if (this.cWz.getNeedClientAuth()) {
            NativeCrypto.SSL_set_verify(j2, 3);
        } else if (this.cWz.getWantClientAuth()) {
            NativeCrypto.SSL_set_verify(j2, 1);
        } else {
            NativeCrypto.SSL_set_verify(j2, 0);
            z2 = false;
        }
        if (!z2 || (acceptedIssuers = this.cWz.auI().getAcceptedIssuers()) == null || acceptedIssuers.length == 0) {
            return;
        }
        try {
            NativeCrypto.SSL_set_client_CA_list(j2, cs.c(acceptedIssuers));
        } catch (CertificateEncodingException e2) {
            throw new SSLException("Problem encoding principals", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int B(long j2, int i2) throws IOException, CertificateException {
        return NativeCrypto.ENGINE_SSL_read_direct(this.cWD, j2, i2, this.cWA);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int C(long j2, int i2) throws IOException {
        return NativeCrypto.ENGINE_SSL_write_direct(this.cWD, j2, i2, this.cWA);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int a(FileDescriptor fileDescriptor, byte[] bArr, int i2, int i3, int i4) throws IOException {
        if (isClosed() || fileDescriptor == null || !fileDescriptor.valid()) {
            throw new SocketException("Socket is closed");
        }
        return NativeCrypto.SSL_read(this.cWD, fileDescriptor, this.cWA, bArr, i2, i3, i4);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(FileDescriptor fileDescriptor, int i2) throws CertificateException, IOException {
        if (isClosed() || fileDescriptor == null || !fileDescriptor.valid()) {
            throw new SocketException("Socket is closed");
        }
        NativeCrypto.SSL_do_handshake(this.cWD, fileDescriptor, this.cWA, i2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(String str, bn bnVar) throws IOException {
        if (!this.cWz.getEnableSessionCreation()) {
            NativeCrypto.SSL_set_session_creation_enabled(this.cWD, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.cWD);
        if (atI()) {
            NativeCrypto.SSL_set_connect_state(this.cWD);
            NativeCrypto.SSL_enable_ocsp_stapling(this.cWD);
            if (this.cWz.mw(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.cWD);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.cWD);
            if (this.cWz.auK() != null) {
                NativeCrypto.SSL_enable_ocsp_stapling(this.cWD);
            }
        }
        if (this.cWz.getEnabledProtocols().length == 0 && this.cWz.cZr) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        NativeCrypto.a(this.cWD, this.cWz.cZq);
        NativeCrypto.b(this.cWD, this.cWz.cZs);
        if (this.cWz.cZC.length > 0) {
            NativeCrypto.setApplicationProtocols(this.cWD, atI(), this.cWz.cZC);
        }
        if (!atI() && this.cWz.cZD != null) {
            NativeCrypto.setApplicationProtocolSelector(this.cWD, this.cWz.cZD);
        }
        if (!atI()) {
            HashSet hashSet = new HashSet();
            for (long j2 : NativeCrypto.SSL_get_ciphers(this.cWD)) {
                String dB = cs.dB(j2);
                if (dB != null) {
                    hashSet.add(dB);
                }
            }
            X509KeyManager auG = this.cWz.auG();
            if (auG != null) {
                Iterator it2 = hashSet.iterator();
                while (it2.hasNext()) {
                    try {
                        mn(this.cWB.a(auG, (String) it2.next()));
                    } catch (CertificateEncodingException e2) {
                        throw new IOException(e2);
                    }
                }
            }
            NativeCrypto.SSL_set_options(this.cWD, 4194304L);
            if (this.cWz.cZA != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(this.cWD, this.cWz.cZA);
            }
            if (this.cWz.cZB != null) {
                NativeCrypto.SSL_set_ocsp_response(this.cWD, this.cWz.cZB);
            }
        }
        atC();
        if (this.cWz.cZE) {
            NativeCrypto.SSL_clear_options(this.cWD, PlaybackStateCompat.ACTION_PREPARE);
        } else {
            NativeCrypto.SSL_set_options(this.cWD, NativeCrypto.SSL_get_options(this.cWD) | PlaybackStateCompat.ACTION_PREPARE);
        }
        if (this.cWz.auJ() && e.lZ(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.cWD, str);
        }
        NativeCrypto.SSL_set_mode(this.cWD, 256L);
        dy(this.cWD);
        a(bnVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] arZ() {
        return NativeCrypto.SSL_get_tls_unique(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String ask() {
        return NativeCrypto.SSL_get_servername(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] asl() throws CertificateException {
        byte[][] SSL_get0_peer_certificates = NativeCrypto.SSL_get0_peer_certificates(this.cWD);
        if (SSL_get0_peer_certificates == null) {
            return null;
        }
        return cs.f(SSL_get0_peer_certificates);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] atA() throws SSLException {
        return NativeCrypto.SSL_get_tls_channel_id(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int atB() throws IOException {
        return NativeCrypto.ENGINE_SSL_do_handshake(this.cWD, this.cWA);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean atD() {
        return (NativeCrypto.SSL_get_shutdown(this.cWD) & 2) != 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean atE() {
        return (NativeCrypto.SSL_get_shutdown(this.cWD) & 1) != 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int atF() {
        return NativeCrypto.SSL_pending_readable_bytes(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int atG() {
        return NativeCrypto.SSL_max_seal_overhead(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] atH() {
        return NativeCrypto.getApplicationProtocol(this.cWD);
    }

    long atv() {
        return this.cWD;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public a atw() {
        try {
            return new a();
        } catch (SSLException e2) {
            throw new RuntimeException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] atx() {
        return this.cTi;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] aty() {
        return NativeCrypto.SSL_get_ocsp_response(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] atz() {
        return NativeCrypto.SSL_get_signed_cert_timestamp_list(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int b(String str, String str2, byte[] bArr) {
        byte[] encoded;
        cj auH = this.cWz.auH();
        if (auH == null || (encoded = this.cWC.a(auH, str, str2).getEncoded()) == null || encoded.length > bArr.length) {
            return 0;
        }
        System.arraycopy(encoded, 0, bArr, 0, encoded.length);
        return encoded.length;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int b(String str, byte[] bArr, byte[] bArr2) {
        byte[] bytes;
        cj auH = this.cWz.auH();
        if (auH == null) {
            return 0;
        }
        String a2 = this.cWC.a(auH, str);
        if (a2 == null) {
            a2 = "";
            bytes = y.cUF;
        } else if (a2.isEmpty()) {
            bytes = y.cUF;
        } else {
            try {
                bytes = a2.getBytes("UTF-8");
            } catch (UnsupportedEncodingException e2) {
                throw new RuntimeException("UTF-8 encoding not supported", e2);
            }
        }
        if (bytes.length + 1 > bArr.length) {
            return 0;
        }
        if (bytes.length > 0) {
            System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        }
        bArr[bytes.length] = 0;
        byte[] encoded = this.cWC.a(auH, str, a2).getEncoded();
        if (encoded == null || encoded.length > bArr2.length) {
            return 0;
        }
        System.arraycopy(encoded, 0, bArr2, 0, encoded.length);
        return encoded.length;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(FileDescriptor fileDescriptor) throws IOException {
        NativeCrypto.SSL_shutdown(this.cWD, fileDescriptor, this.cWA);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(FileDescriptor fileDescriptor, byte[] bArr, int i2, int i3, int i4) throws IOException {
        if (isClosed() || fileDescriptor == null || !fileDescriptor.valid()) {
            throw new SocketException("Socket is closed");
        }
        NativeCrypto.SSL_write(this.cWD, fileDescriptor, this.cWA, bArr, i2, i3, i4);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(byte[] bArr, byte[][] bArr2) throws SSLException, CertificateEncodingException {
        X500Principal[] x500PrincipalArr;
        Set<String> eh2 = cs.eh(bArr);
        String[] strArr = (String[]) eh2.toArray(new String[eh2.size()]);
        if (bArr2 == null) {
            x500PrincipalArr = null;
        } else {
            x500PrincipalArr = new X500Principal[bArr2.length];
            for (int i2 = 0; i2 < bArr2.length; i2++) {
                x500PrincipalArr[i2] = new X500Principal(bArr2[i2]);
            }
        }
        X509KeyManager auG = this.cWz.auG();
        mn(auG != null ? this.cWB.a(auG, x500PrincipalArr, strArr) : null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void close() {
        NativeCrypto.SSL_free(this.cWD);
        this.cWD = 0L;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void dx(long j2) throws SSLException {
        NativeCrypto.SSL_set_session(this.cWD, j2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getCipherSuite() {
        return NativeCrypto.ml(NativeCrypto.SSL_get_current_cipher(this.cWD));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getSessionId() {
        return NativeCrypto.SSL_session_id(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long getTime() {
        return NativeCrypto.SSL_get_time(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long getTimeout() {
        return NativeCrypto.SSL_get_timeout(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getVersion() {
        return NativeCrypto.SSL_get_version(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void interrupt() {
        NativeCrypto.SSL_interrupt(this.cWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isClosed() {
        return this.cWD == 0;
    }

    void mn(String str) throws CertificateEncodingException, SSLException {
        X509KeyManager auG;
        PrivateKey privateKey;
        if (str == null || (auG = this.cWz.auG()) == null || (privateKey = auG.getPrivateKey(str)) == null) {
            return;
        }
        this.cTi = auG.getCertificateChain(str);
        X509Certificate[] x509CertificateArr = this.cTi;
        if (x509CertificateArr == null) {
            return;
        }
        int length = x509CertificateArr.length;
        PublicKey publicKey = length > 0 ? x509CertificateArr[0].getPublicKey() : null;
        byte[][] bArr = new byte[length];
        for (int i2 = 0; i2 < length; i2++) {
            bArr[i2] = this.cTi[i2].getEncoded();
        }
        try {
            NativeCrypto.setLocalCertsAndPrivateKey(this.cWD, bArr, bn.b(privateKey, publicKey).aul());
        } catch (InvalidKeyException e2) {
            throw new SSLException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int my(int i2) {
        return NativeCrypto.SSL_get_error(this.cWD, i2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setTimeout(long j2) {
        NativeCrypto.SSL_set_timeout(this.cWD, j2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void shutdown() throws IOException {
        NativeCrypto.ENGINE_SSL_shutdown(this.cWD, this.cWA);
    }
}
