package defpackage;

import com.google.android.gms.org.conscrypt.NativeCrypto;
import com.google.android.gms.org.conscrypt.OpenSSLECKeyPairGenerator;
import com.google.android.gms.org.conscrypt.PSKKeyManager;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.security.spec.ECParameterSpec;
import java.util.HashSet;
import java.util.Iterator;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;

/* compiled from: AW761268815 */
/* loaded from: classes2.dex */
public final class gna implements fqt<glw> {
    public final gjk a;
    public X509Certificate[] b;
    public long c;
    private final gla d;
    private final gkz e;
    private final glb f;

    private gna(long j, gkz gkzVar, gjk gjkVar, gla glaVar, glb glbVar) {
        this.c = j;
        this.e = gkzVar;
        this.a = gjkVar;
        this.d = glaVar;
        this.f = glbVar;
    }

    public static gna a(gkz gkzVar, gjk gjkVar, gla glaVar, glb glbVar) {
        return new gna(NativeCrypto.SSL_new(gkzVar.k().sslCtxNativePointer), gkzVar, gjkVar, glaVar, glbVar);
    }

    public static <T> T a(T t, String str) {
        if (t == null) {
            throw new NullPointerException(str);
        }
        return t;
    }

    private static String a(int i, int i2, String str) {
        if (i < 0) {
            return String.format("%s (%s) must not be negative", str, Integer.valueOf(i));
        }
        if (i2 >= 0) {
            return String.format("%s (%s) must not be greater than size (%s)", str, Integer.valueOf(i), Integer.valueOf(i2));
        }
        StringBuilder sb = new StringBuilder(26);
        sb.append("negative size: ");
        sb.append(i2);
        throw new IllegalArgumentException(sb.toString());
    }

    public static void a(int i, int i2, int i3) {
        if (i < 0 || i2 < i || i2 > i3) {
            throw new IndexOutOfBoundsException((i >= 0 && i <= i3) ? (i2 >= 0 && i2 <= i3) ? String.format("end index (%s) must not be less than start index (%s)", Integer.valueOf(i2), Integer.valueOf(i)) : a(i2, i3, "end index") : a(i, i3, "start index"));
        }
    }

    public static void a(boolean z, String str) {
        if (!z) {
            throw new IllegalArgumentException(str);
        }
    }

    public static void a(boolean z, String str, Object obj) {
        if (!z) {
            throw new IllegalArgumentException(String.format(str, obj));
        }
    }

    @Override // defpackage.fqt
    public final void a() {
    }

    @Override // defpackage.fqt
    public final /* synthetic */ void a(glw glwVar) {
        glwVar.a();
    }

    public final void a(String str, gkc gkcVar) {
        boolean z;
        X509Certificate[] acceptedIssuers;
        boolean z2;
        X509KeyManager x509KeyManager;
        PrivateKey privateKey;
        if (!this.e.j) {
            NativeCrypto.SSL_set_session_creation_enabled(this.c, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.c);
        if (this.e.e) {
            NativeCrypto.SSL_set_connect_state(this.c);
            NativeCrypto.SSL_enable_ocsp_stapling(this.c);
            if (str != null ? gkw.a(str) : false) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.c);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.c);
        }
        if (this.e.f().length == 0 && this.e.n) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        NativeCrypto.setEnabledProtocols(this.c, this.e.l);
        NativeCrypto.setEnabledCipherSuites(this.c, this.e.k);
        gkz gkzVar = this.e;
        byte[] bArr = gkzVar.b;
        if (bArr != null) {
            NativeCrypto.SSL_configure_alpn(this.c, gkzVar.e, bArr);
        }
        if (!this.e.e) {
            HashSet hashSet = new HashSet();
            for (long j : NativeCrypto.SSL_get_ciphers(this.c)) {
                String a = gld.a(j);
                if (a != null) {
                    hashSet.add(a);
                }
            }
            X509KeyManager x509KeyManager2 = this.e.x;
            if (x509KeyManager2 != null) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    try {
                        String a2 = this.d.a(x509KeyManager2, (String) it.next());
                        if (a2 != null && (x509KeyManager = this.e.x) != null && (privateKey = x509KeyManager.getPrivateKey(a2)) != null) {
                            this.b = x509KeyManager.getCertificateChain(a2);
                            X509Certificate[] x509CertificateArr = this.b;
                            if (x509CertificateArr == null) {
                                continue;
                            } else {
                                int length = x509CertificateArr.length;
                                PublicKey publicKey = length > 0 ? x509CertificateArr[0].getPublicKey() : null;
                                byte[][] bArr2 = new byte[length];
                                for (int i = 0; i < length; i++) {
                                    bArr2[i] = this.b[i].getEncoded();
                                }
                                try {
                                    gkc c = gkc.c(privateKey);
                                    if (c == null && (c = gkc.a(privateKey)) == null) {
                                        String algorithm = privateKey.getAlgorithm();
                                        if ("RSA".equals(algorithm)) {
                                            BigInteger modulus = privateKey instanceof RSAKey ? ((RSAKey) privateKey).getModulus() : publicKey instanceof RSAKey ? ((RSAKey) publicKey).getModulus() : null;
                                            if (modulus == null) {
                                                String valueOf = String.valueOf(privateKey);
                                                String valueOf2 = String.valueOf(publicKey);
                                                StringBuilder sb = new StringBuilder(String.valueOf(valueOf).length() + 46 + String.valueOf(valueOf2).length());
                                                sb.append("RSA modulus not available. Private: ");
                                                sb.append(valueOf);
                                                sb.append(", public: ");
                                                sb.append(valueOf2);
                                                throw new InvalidKeyException(sb.toString());
                                            }
                                            c = new gkc(NativeCrypto.getRSAPrivateKeyWrapper(privateKey, modulus.toByteArray()), true);
                                        } else {
                                            if (!OpenSSLECKeyPairGenerator.ALGORITHM.equals(algorithm)) {
                                                String valueOf3 = String.valueOf(algorithm);
                                                throw new InvalidKeyException(valueOf3.length() == 0 ? new String("Unsupported key algorithm: ") : "Unsupported key algorithm: ".concat(valueOf3));
                                            }
                                            ECParameterSpec params = privateKey instanceof ECKey ? ((ECKey) privateKey).getParams() : publicKey instanceof ECKey ? ((ECKey) publicKey).getParams() : null;
                                            if (params == null) {
                                                String valueOf4 = String.valueOf(privateKey);
                                                String valueOf5 = String.valueOf(publicKey);
                                                StringBuilder sb2 = new StringBuilder(String.valueOf(valueOf4).length() + 48 + String.valueOf(valueOf5).length());
                                                sb2.append("EC parameters not available. Private: ");
                                                sb2.append(valueOf4);
                                                sb2.append(", public: ");
                                                sb2.append(valueOf5);
                                                throw new InvalidKeyException(sb2.toString());
                                            }
                                            c = gka.a(privateKey, params);
                                        }
                                    }
                                    NativeCrypto.setLocalCertsAndPrivateKey(this.c, bArr2, c.a);
                                } catch (InvalidKeyException e) {
                                    throw new SSLException(e);
                                }
                            }
                        }
                    } catch (CertificateEncodingException e2) {
                        throw new IOException(e2);
                    }
                }
            }
            NativeCrypto.SSL_set_options(this.c, 4194304L);
        }
        gkz gkzVar2 = this.e;
        PSKKeyManager pSKKeyManager = gkzVar2.q;
        if (pSKKeyManager != null) {
            String[] strArr = gkzVar2.k;
            int length2 = strArr.length;
            int i2 = 0;
            while (true) {
                if (i2 >= length2) {
                    z2 = false;
                    break;
                }
                String str2 = strArr[i2];
                if (str2 != null && str2.contains("PSK")) {
                    z2 = true;
                    break;
                }
                i2++;
            }
            if (z2) {
                if (this.e.e) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(this.c, true);
                } else {
                    NativeCrypto.set_SSL_psk_server_callback_enabled(this.c, true);
                    NativeCrypto.SSL_use_psk_identity_hint(this.c, this.f.a(pSKKeyManager));
                }
            }
        }
        if (this.e.u) {
            NativeCrypto.SSL_clear_options(this.c, 16384L);
        } else {
            long j2 = this.c;
            NativeCrypto.SSL_set_options(j2, NativeCrypto.SSL_get_options(j2) | 16384);
        }
        if (this.e.n() && gdf.i(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.c, str);
        }
        NativeCrypto.SSL_set_mode(this.c, 256L);
        long j3 = this.c;
        gkz gkzVar3 = this.e;
        if (!gkzVar3.e) {
            if (gkzVar3.o) {
                NativeCrypto.SSL_set_verify(j3, 3);
                z = true;
            } else if (gkzVar3.w) {
                NativeCrypto.SSL_set_verify(j3, 1);
                z = true;
            } else {
                NativeCrypto.SSL_set_verify(j3, 0);
                z = false;
            }
            if (z && (acceptedIssuers = this.e.y.getAcceptedIssuers()) != null && acceptedIssuers.length != 0) {
                try {
                    NativeCrypto.SSL_set_client_CA_list(j3, gld.a(acceptedIssuers));
                } catch (CertificateEncodingException e3) {
                    throw new SSLException("Problem encoding principals", e3);
                }
            }
        }
        gkz gkzVar4 = this.e;
        if (gkzVar4.c) {
            if (!gkzVar4.e) {
                NativeCrypto.SSL_enable_tls_channel_id(this.c);
            } else {
                if (gkcVar == null) {
                    throw new SSLHandshakeException("Invalid TLS channel ID key specified");
                }
                NativeCrypto.SSL_set1_tls_channel_id(this.c, gkcVar.a);
            }
        }
    }

    public final void b() {
        NativeCrypto.SSL_free(this.c);
        this.c = 0L;
    }

    public final boolean c() {
        return this.c == 0;
    }

    public final glh d() {
        try {
            return new glh(this);
        } catch (SSLException e) {
            throw new RuntimeException(e);
        }
    }
}
