package com.nationsky.a;

import com.nationsky.conscrypt.NativeConstants;
import com.nationsky.conscrypt.NativeCrypto;
import com.nationsky.conscrypt.util.EmptyArray;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class ah implements Cloneable {
    private static volatile X509KeyManager e;
    private static volatile X509TrustManager f;
    private static volatile SecureRandom g;
    private static volatile ah h;
    byte[] a;
    byte[] b;
    boolean c;
    boolean d;
    private final h i;
    private final d j;
    private final X509KeyManager k;
    private final ac l;
    private final X509TrustManager m;
    private SecureRandom n;
    private String[] o;
    private String[] p;
    private boolean q;
    private boolean r;
    private boolean s;
    private boolean t;
    private String u;
    private Boolean v;

    /* JADX INFO: Access modifiers changed from: protected */
    public ah(ah ahVar) {
        this.q = true;
        this.r = false;
        this.s = false;
        this.t = true;
        this.i = new h();
        this.j = new d();
        this.k = ahVar.k;
        this.l = ahVar.l;
        this.m = ahVar.m;
        this.n = ahVar.n;
        this.o = ahVar.o;
        this.p = ahVar.p;
        this.q = ahVar.q;
        this.r = ahVar.r;
        this.s = ahVar.s;
        this.t = ahVar.t;
        this.u = ahVar.u;
        this.a = ahVar.a;
        this.b = ahVar.b;
        this.c = ahVar.c;
        this.v = ahVar.v;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ah(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom, h hVar, d dVar, String[] strArr) {
        this.q = true;
        this.r = false;
        this.s = false;
        this.t = true;
        this.j = dVar;
        this.i = hVar;
        if (keyManagerArr == null) {
            X509KeyManager x509KeyManager = e;
            if (x509KeyManager == null) {
                x509KeyManager = o();
                e = x509KeyManager;
            }
            this.k = x509KeyManager;
            this.l = null;
        } else {
            this.k = a(keyManagerArr);
            this.l = b(keyManagerArr);
        }
        if (trustManagerArr == null) {
            X509TrustManager x509TrustManager = f;
            if (x509TrustManager == null) {
                x509TrustManager = p();
                f = x509TrustManager;
            }
            this.m = x509TrustManager;
        } else {
            this.m = a(trustManagerArr);
        }
        this.n = secureRandom;
        this.o = (String[]) NativeCrypto.checkEnabledProtocols(strArr == null ? NativeCrypto.DEFAULT_PROTOCOLS : strArr).clone();
        boolean z = (this.k == null && this.m == null) ? false : true;
        boolean z2 = this.l != null;
        this.p = z ? z2 ? a(NativeCrypto.DEFAULT_PSK_CIPHER_SUITES, NativeCrypto.DEFAULT_X509_CIPHER_SUITES, new String[]{NativeCrypto.TLS_EMPTY_RENEGOTIATION_INFO_SCSV}) : a(NativeCrypto.DEFAULT_X509_CIPHER_SUITES, new String[]{NativeCrypto.TLS_EMPTY_RENEGOTIATION_INFO_SCSV}) : z2 ? a(NativeCrypto.DEFAULT_PSK_CIPHER_SUITES, new String[]{NativeCrypto.TLS_EMPTY_RENEGOTIATION_INFO_SCSV}) : new String[]{NativeCrypto.TLS_EMPTY_RENEGOTIATION_INFO_SCSV};
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ah a() {
        ah ahVar = h;
        if (ahVar == null) {
            ahVar = new ah(null, null, null, new h(), new d(), null);
            h = ahVar;
        }
        return (ah) ahVar.clone();
    }

    public static Set a(byte[] bArr) {
        String str;
        HashSet hashSet = new HashSet(bArr.length);
        for (byte b : bArr) {
            switch (b) {
                case 1:
                    str = "RSA";
                    break;
                case 3:
                    str = "DH_RSA";
                    break;
                case 64:
                    str = "EC";
                    break;
                case NativeConstants.TLS_CT_RSA_FIXED_ECDH /* 65 */:
                    str = "EC_RSA";
                    break;
                case NativeConstants.TLS_CT_ECDSA_FIXED_ECDH /* 66 */:
                    str = "EC_EC";
                    break;
                default:
                    str = null;
                    break;
            }
            if (str != null) {
                hashSet.add(str);
            }
        }
        return hashSet;
    }

    private static X509KeyManager a(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        return null;
    }

    private static X509TrustManager a(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    private static ab[] a(long[] jArr) {
        if (jArr == null) {
            return null;
        }
        ab[] abVarArr = new ab[jArr.length];
        for (int i = 0; i < jArr.length; i++) {
            abVarArr[i] = new ab(jArr[i]);
        }
        return abVarArr;
    }

    private static String[] a(String[]... strArr) {
        int i = 0;
        for (String[] strArr2 : strArr) {
            i += strArr2.length;
        }
        String[] strArr3 = new String[i];
        int i2 = 0;
        for (String[] strArr4 : strArr) {
            System.arraycopy(strArr4, 0, strArr3, i2, strArr4.length);
            i2 += strArr4.length;
        }
        return strArr3;
    }

    private static ac b(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof ac) {
                return (ac) keyManager;
            }
            if (keyManager != null) {
                try {
                    return j.a(keyManager);
                } catch (NoSuchMethodException e2) {
                }
            }
        }
        return null;
    }

    private static X509KeyManager o() {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(null, null);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            X509KeyManager a = a(keyManagers);
            if (a == null) {
                throw new KeyManagementException("No X509KeyManager among default KeyManagers: " + Arrays.toString(keyManagers));
            }
            return a;
        } catch (KeyStoreException e2) {
            throw new KeyManagementException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new KeyManagementException(e3);
        } catch (UnrecoverableKeyException e4) {
            throw new KeyManagementException(e4);
        }
    }

    private static X509TrustManager p() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            X509TrustManager a = a(trustManagers);
            if (a == null) {
                throw new KeyManagementException("No X509TrustManager in among default TrustManagers: " + Arrays.toString(trustManagers));
            }
            return a;
        } catch (KeyStoreException e2) {
            throw new KeyManagementException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new KeyManagementException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final int a(String str, String str2, byte[] bArr, aj ajVar) {
        byte[] encoded;
        ac acVar = this.l;
        if (acVar == null || (encoded = ajVar.a(acVar, str, str2).getEncoded()) == null || encoded.length > bArr.length) {
            return 0;
        }
        System.arraycopy(encoded, 0, bArr, 0, encoded.length);
        return encoded.length;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final int a(String str, byte[] bArr, byte[] bArr2, aj ajVar) {
        byte[] bytes;
        ac acVar = this.l;
        if (acVar == null) {
            return 0;
        }
        String a = ajVar.a(acVar, str);
        if (a == null) {
            a = "";
            bytes = EmptyArray.BYTE;
        } else if (a.isEmpty()) {
            bytes = EmptyArray.BYTE;
        } else {
            try {
                bytes = a.getBytes("UTF-8");
            } catch (UnsupportedEncodingException e2) {
                throw new RuntimeException("UTF-8 encoding not supported", e2);
            }
        }
        if (bytes.length + 1 > bArr.length) {
            return 0;
        }
        if (bytes.length > 0) {
            System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        }
        bArr[bytes.length] = 0;
        byte[] encoded = ajVar.a(acVar, str, a).getEncoded();
        if (encoded != null && encoded.length <= bArr2.length) {
            System.arraycopy(encoded, 0, bArr2, 0, encoded.length);
            return encoded.length;
        }
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final v a(long j, long j2, v vVar, String str, int i, boolean z) {
        byte[] SSL_SESSION_session_id = NativeCrypto.SSL_SESSION_session_id(j);
        if (vVar != null && Arrays.equals(vVar.getId(), SSL_SESSION_session_id)) {
            vVar.a = System.currentTimeMillis();
            NativeCrypto.SSL_SESSION_free(j);
            return vVar;
        }
        if (!this.t) {
            throw new IllegalStateException("SSL Session may not be created");
        }
        v vVar2 = new v(j, a(NativeCrypto.SSL_get_certificate(j2)), a(NativeCrypto.SSL_get_peer_cert_chain(j2)), str, i, b());
        if (!z) {
            return vVar2;
        }
        b().c(vVar2);
        return vVar2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final v a(long j, String str, int i) {
        v vVar;
        boolean z;
        boolean z2 = true;
        if (!this.q) {
            return null;
        }
        h hVar = this.i;
        if (str == null) {
            vVar = null;
        } else {
            vVar = (v) hVar.a(str, i);
            if (vVar == null) {
                vVar = null;
            } else {
                String protocol = vVar.getProtocol();
                String[] strArr = this.o;
                int length = strArr.length;
                int i2 = 0;
                while (true) {
                    if (i2 >= length) {
                        z = false;
                        break;
                    }
                    if (protocol.equals(strArr[i2])) {
                        z = true;
                        break;
                    }
                    i2++;
                }
                if (z) {
                    String cipherSuite = vVar.getCipherSuite();
                    String[] strArr2 = this.p;
                    int length2 = strArr2.length;
                    int i3 = 0;
                    while (true) {
                        if (i3 >= length2) {
                            z2 = false;
                            break;
                        }
                        if (cipherSuite.equals(strArr2[i3])) {
                            break;
                        }
                        i3++;
                    }
                    if (!z2) {
                        vVar = null;
                    }
                } else {
                    vVar = null;
                }
            }
        }
        if (vVar == null) {
            return vVar;
        }
        NativeCrypto.SSL_set_session(j, vVar.d);
        return vVar;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void a(long j) {
        X509Certificate[] acceptedIssuers;
        boolean z = true;
        if (this.q) {
            return;
        }
        if (this.r) {
            NativeCrypto.SSL_set_verify(j, 3);
        } else if (this.s) {
            NativeCrypto.SSL_set_verify(j, 1);
        } else {
            NativeCrypto.SSL_set_verify(j, 0);
            z = false;
        }
        if (!z || (acceptedIssuers = this.m.getAcceptedIssuers()) == null || acceptedIssuers.length == 0) {
            return;
        }
        try {
            byte[][] bArr = new byte[acceptedIssuers.length];
            for (int i = 0; i < acceptedIssuers.length; i++) {
                bArr[i] = acceptedIssuers[i].getIssuerX500Principal().getEncoded();
            }
            NativeCrypto.SSL_set_client_CA_list(j, bArr);
        } catch (CertificateEncodingException e2) {
            throw new IOException("Problem encoding principals", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void a(long j, long j2, ai aiVar, aj ajVar, String str) {
        boolean z;
        if (this.a != null) {
            NativeCrypto.SSL_CTX_enable_npn(j);
        }
        if (this.q && this.b != null) {
            NativeCrypto.SSL_set_alpn_protos(j2, this.b);
        }
        NativeCrypto.setEnabledProtocols(j2, this.o);
        NativeCrypto.setEnabledCipherSuites(j2, this.p);
        if (!this.q) {
            HashSet hashSet = new HashSet();
            for (long j3 : NativeCrypto.SSL_get_ciphers(j2)) {
                String SSL_CIPHER_get_kx_name = NativeCrypto.SSL_CIPHER_get_kx_name(j3);
                String str2 = (SSL_CIPHER_get_kx_name.equals("RSA") || SSL_CIPHER_get_kx_name.equals("DHE_RSA") || SSL_CIPHER_get_kx_name.equals("ECDHE_RSA")) ? "RSA" : SSL_CIPHER_get_kx_name.equals("ECDHE_ECDSA") ? "EC" : SSL_CIPHER_get_kx_name.equals("ECDH_RSA") ? "EC_RSA" : SSL_CIPHER_get_kx_name.equals("ECDH_ECDSA") ? "EC_EC" : SSL_CIPHER_get_kx_name.equals("DH_RSA") ? "DH_RSA" : null;
                if (str2 != null) {
                    hashSet.add(str2);
                }
            }
            if (this.k != null) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    try {
                        a(j2, aiVar.a(this.k, (String) it.next()));
                    } catch (CertificateEncodingException e2) {
                        throw new IOException(e2);
                    }
                }
            }
        }
        ac acVar = this.l;
        if (acVar != null) {
            boolean z2 = false;
            String[] strArr = this.p;
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str3 = strArr[i];
                if (str3 != null && str3.contains("PSK")) {
                    z2 = true;
                    break;
                }
                i++;
            }
            if (z2) {
                if (this.q) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(j2, true);
                } else {
                    NativeCrypto.set_SSL_psk_server_callback_enabled(j2, true);
                    NativeCrypto.SSL_use_psk_identity_hint(j2, ajVar.a(acVar));
                }
            }
        }
        if (this.c) {
            NativeCrypto.SSL_clear_options(j2, 16384L);
        }
        if (this.v != null) {
            z = this.v.booleanValue();
        } else {
            String property = System.getProperty("jsse.enableSNIExtension", "true");
            if ("true".equalsIgnoreCase(property)) {
                z = true;
            } else {
                if (!"false".equalsIgnoreCase(property)) {
                    throw new RuntimeException("Can only set \"jsse.enableSNIExtension\" to \"true\" or \"false\"");
                }
                z = false;
            }
        }
        if (z) {
            if (str == null ? false : str.indexOf(46) == -1 ? false : !ad.b(str)) {
                NativeCrypto.SSL_set_tlsext_host_name(j2, str);
            }
        }
        NativeCrypto.SSL_set_mode(j2, 256L);
        boolean z3 = this.t;
        if (z3) {
            return;
        }
        NativeCrypto.SSL_set_session_creation_enabled(j2, z3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void a(long j, r rVar) {
        if (this.d) {
            if (!this.q) {
                NativeCrypto.SSL_enable_tls_channel_id(j);
            } else {
                if (rVar == null) {
                    throw new SSLHandshakeException("Invalid TLS channel ID key specified");
                }
                NativeCrypto.SSL_set1_tls_channel_id(j, rVar.a());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void a(long j, String str) {
        X509KeyManager x509KeyManager;
        PrivateKey privateKey;
        X509Certificate[] certificateChain;
        if (str == null || (x509KeyManager = this.k) == null || (privateKey = x509KeyManager.getPrivateKey(str)) == null || (certificateChain = x509KeyManager.getCertificateChain(str)) == null) {
            return;
        }
        PublicKey publicKey = certificateChain.length > 0 ? certificateChain[0].getPublicKey() : null;
        ab[] abVarArr = new ab[certificateChain.length];
        long[] jArr = new long[certificateChain.length];
        for (int i = 0; i < certificateChain.length; i++) {
            ab a = ab.a(certificateChain[i]);
            abVarArr[i] = a;
            jArr[i] = a.a();
        }
        NativeCrypto.SSL_use_certificate(j, jArr);
        try {
            r a2 = privateKey instanceof s ? ((s) privateKey).a() : "RSA".equals(privateKey.getAlgorithm()) ? ad.a(privateKey) : null;
            if (a2 == null) {
                if ("PKCS#8".equals(privateKey.getFormat())) {
                    byte[] encoded = privateKey.getEncoded();
                    a2 = encoded == null ? null : new r(NativeCrypto.d2i_PKCS8_PRIV_KEY_INFO(encoded));
                } else {
                    a2 = null;
                }
                if (a2 == null) {
                    String algorithm = privateKey.getAlgorithm();
                    if ("RSA".equals(algorithm)) {
                        a2 = t.a(privateKey, publicKey);
                    } else {
                        if (!"EC".equals(algorithm)) {
                            throw new InvalidKeyException("Unsupported key algorithm: " + algorithm);
                        }
                        a2 = o.a(privateKey, publicKey);
                    }
                }
            }
            NativeCrypto.SSL_use_PrivateKey(j, a2.a());
            if (a2.c()) {
                return;
            }
            NativeCrypto.SSL_check_private_key(j);
        } catch (InvalidKeyException e2) {
            throw new SSLException(e2);
        }
    }

    public final void a(boolean z) {
        this.q = z;
    }

    public final void a(String[] strArr) {
        this.p = (String[]) NativeCrypto.checkEnabledCipherSuites(strArr).clone();
    }

    public final a b() {
        return this.q ? this.i : this.j;
    }

    public final void b(boolean z) {
        this.r = z;
        this.s = false;
    }

    public final void b(String[] strArr) {
        this.o = (String[]) NativeCrypto.checkEnabledProtocols(strArr).clone();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final d c() {
        return this.j;
    }

    public final void c(boolean z) {
        this.s = z;
        this.r = false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Object clone() {
        try {
            return super.clone();
        } catch (CloneNotSupportedException e2) {
            throw new AssertionError(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final h d() {
        return this.i;
    }

    public final void d(boolean z) {
        this.t = z;
    }

    public final X509KeyManager e() {
        return this.k;
    }

    public final X509TrustManager f() {
        return this.m;
    }

    public final SecureRandom g() {
        if (this.n != null) {
            return this.n;
        }
        SecureRandom secureRandom = g;
        if (secureRandom == null) {
            secureRandom = new SecureRandom();
            g = secureRandom;
        }
        this.n = secureRandom;
        return this.n;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final SecureRandom h() {
        return this.n;
    }

    public final String[] i() {
        return (String[]) this.p.clone();
    }

    public final String[] j() {
        return (String[]) this.o.clone();
    }

    public final boolean k() {
        return this.q;
    }

    public final boolean l() {
        return this.r;
    }

    public final boolean m() {
        return this.s;
    }

    public final boolean n() {
        return this.t;
    }
}
