package org.conscrypt;

import android.support.v4.media.session.PlaybackStateCompat;
import android.util.Log;
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.SocketException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;
import org.conscrypt.NativeCrypto;
import org.conscrypt.y0;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: NativeSsl.java */
/* loaded from: classes6.dex */
public final class f0 {

    /* renamed from: a, reason: collision with root package name */
    private final y0 f14388a;
    private final NativeCrypto.a b;

    /* renamed from: c, reason: collision with root package name */
    private final y0.a f14389c;

    /* renamed from: d, reason: collision with root package name */
    private final y0.b f14390d;

    /* renamed from: e, reason: collision with root package name */
    private X509Certificate[] f14391e;

    /* renamed from: f, reason: collision with root package name */
    private volatile long f14392f;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: NativeSsl.java */
    /* loaded from: classes6.dex */
    public final class b {

        /* renamed from: a, reason: collision with root package name */
        private long f14393a;

        private b() throws SSLException {
            this.f14393a = NativeCrypto.SSL_BIO_new(f0.this.f14392f);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void a() {
            NativeCrypto.BIO_free_all(this.f14393a);
            this.f14393a = 0L;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int b() {
            return NativeCrypto.SSL_pending_written_bytes_in_BIO(this.f14393a);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int c(long j, int i2) throws IOException {
            return NativeCrypto.ENGINE_SSL_read_BIO_direct(f0.this.f14392f, this.f14393a, j, i2, f0.this.b);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int d(long j, int i2) throws IOException {
            return NativeCrypto.ENGINE_SSL_write_BIO_direct(f0.this.f14392f, this.f14393a, j, i2, f0.this.b);
        }
    }

    private f0(long j, y0 y0Var, NativeCrypto.a aVar, y0.a aVar2, y0.b bVar) {
        this.f14392f = j;
        this.f14388a = y0Var;
        this.b = aVar;
        this.f14389c = aVar2;
        this.f14390d = bVar;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static f0 A(y0 y0Var, NativeCrypto.a aVar, y0.a aVar2, y0.b bVar) throws SSLException {
        long j = y0Var.w().f14355c;
        NativeCrypto.SSL_CTX_enable_tls13(j);
        return new f0(NativeCrypto.SSL_new(j), y0Var, aVar, aVar2, bVar);
    }

    private void E(long j) throws SSLException {
        X509Certificate[] acceptedIssuers;
        if (x()) {
            return;
        }
        boolean z = false;
        if (this.f14388a.t()) {
            NativeCrypto.SSL_set_verify(j, 3);
        } else {
            if (!this.f14388a.A()) {
                NativeCrypto.SSL_set_verify(j, 0);
                if (z || (acceptedIssuers = this.f14388a.C().getAcceptedIssuers()) == null || acceptedIssuers.length == 0) {
                    return;
                }
                try {
                    NativeCrypto.SSL_set_client_CA_list(j, SSLUtils.d(acceptedIssuers));
                    return;
                } catch (CertificateEncodingException e2) {
                    throw new SSLException("Problem encoding principals", e2);
                }
            }
            NativeCrypto.SSL_set_verify(j, 1);
        }
        z = true;
        if (z) {
        }
    }

    private void G(l0 l0Var) throws SSLException {
        y0 y0Var = this.f14388a;
        if (y0Var.v) {
            if (!y0Var.y()) {
                NativeCrypto.SSL_enable_tls_channel_id(this.f14392f);
            } else {
                if (l0Var == null) {
                    throw new SSLHandshakeException("Invalid TLS channel ID key specified");
                }
                NativeCrypto.SSL_set1_tls_channel_id(this.f14392f, l0Var.d());
            }
        }
    }

    private void f() throws SSLException {
        q0 v = this.f14388a.v();
        if (v != null) {
            String[] strArr = this.f14388a.f14482h;
            int length = strArr.length;
            boolean z = false;
            int i2 = 0;
            while (true) {
                if (i2 < length) {
                    String str = strArr[i2];
                    if (str != null && str.contains("PSK")) {
                        z = true;
                        break;
                    }
                    i2++;
                } else {
                    break;
                }
            }
            if (z) {
                if (x()) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(this.f14392f, true);
                    return;
                }
                NativeCrypto.set_SSL_psk_server_callback_enabled(this.f14392f, true);
                NativeCrypto.SSL_use_psk_identity_hint(this.f14392f, this.f14390d.g(v));
            }
        }
    }

    private boolean x() {
        return this.f14388a.y();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void B(long j) throws SSLException {
        NativeCrypto.SSL_set_session(this.f14392f, j);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int C(long j, int i2) throws IOException, CertificateException {
        return NativeCrypto.ENGINE_SSL_read_direct(this.f14392f, j, i2, this.b);
    }

    void D(String str) throws CertificateEncodingException, SSLException {
        X509KeyManager B;
        PrivateKey privateKey;
        if (str == null || (B = this.f14388a.B()) == null || (privateKey = B.getPrivateKey(str)) == null) {
            return;
        }
        X509Certificate[] certificateChain = B.getCertificateChain(str);
        this.f14391e = certificateChain;
        if (certificateChain == null) {
            return;
        }
        int length = certificateChain.length;
        PublicKey publicKey = length > 0 ? certificateChain[0].getPublicKey() : null;
        byte[][] bArr = new byte[length];
        for (int i2 = 0; i2 < length; i2++) {
            bArr[i2] = this.f14391e[i2].getEncoded();
        }
        try {
            NativeCrypto.setLocalCertsAndPrivateKey(this.f14392f, bArr, l0.c(privateKey, publicKey).d());
        } catch (InvalidKeyException e2) {
            throw new SSLException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void F(long j) {
        NativeCrypto.SSL_set_timeout(this.f14392f, j);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void H() throws IOException {
        NativeCrypto.ENGINE_SSL_shutdown(this.f14392f, this.b);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean I() {
        return (NativeCrypto.SSL_get_shutdown(this.f14392f) & 2) != 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean J() {
        return (NativeCrypto.SSL_get_shutdown(this.f14392f) & 1) != 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int K(long j, int i2) throws IOException {
        return NativeCrypto.ENGINE_SSL_write_direct(this.f14392f, j, i2, this.b);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void c() {
        NativeCrypto.SSL_free(this.f14392f);
        this.f14392f = 0L;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int d() throws IOException {
        Log.d("ConscryptConstants", "Openssl doHandshake 1");
        return NativeCrypto.ENGINE_SSL_do_handshake(this.f14392f, this.b);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void e(FileDescriptor fileDescriptor, int i2) throws CertificateException, IOException {
        if (y() || fileDescriptor == null || !fileDescriptor.valid()) {
            throw new SocketException("Socket is closed");
        }
        Log.d("ConscryptConstants", "Openssl doHandshake");
        NativeCrypto.SSL_do_handshake(this.f14392f, fileDescriptor, this.b, i2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] g() {
        return NativeCrypto.getApplicationProtocol(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String h() {
        return NativeCrypto.e(NativeCrypto.SSL_get_current_cipher(this.f14392f));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int i(int i2) {
        return NativeCrypto.SSL_get_error(this.f14392f, i2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] j() {
        return this.f14391e;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int k() {
        return NativeCrypto.SSL_max_seal_overhead(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] l() {
        return NativeCrypto.SSL_get_ocsp_response(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] m() throws CertificateException {
        byte[][] SSL_get0_peer_certificates = NativeCrypto.SSL_get0_peer_certificates(this.f14392f);
        if (SSL_get0_peer_certificates == null) {
            return null;
        }
        return SSLUtils.c(SSL_get0_peer_certificates);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] n() {
        return NativeCrypto.SSL_get_signed_cert_timestamp_list(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int o() {
        return NativeCrypto.SSL_pending_readable_bytes(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String p() {
        return NativeCrypto.SSL_get_servername(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] q() {
        return NativeCrypto.SSL_session_id(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long r() {
        return NativeCrypto.SSL_get_time(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long s() {
        return NativeCrypto.SSL_get_timeout(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] t() throws SSLException {
        return NativeCrypto.SSL_get_tls_channel_id(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String u() {
        return NativeCrypto.SSL_get_version(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void v(String str, l0 l0Var) throws IOException {
        if (!this.f14388a.o()) {
            NativeCrypto.SSL_set_session_creation_enabled(this.f14392f, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.f14392f);
        if (x()) {
            NativeCrypto.SSL_set_connect_state(this.f14392f);
            NativeCrypto.SSL_enable_ocsp_stapling(this.f14392f);
            if (this.f14388a.D(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.f14392f);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.f14392f);
            if (this.f14388a.u() != null) {
                NativeCrypto.SSL_enable_ocsp_stapling(this.f14392f);
            }
        }
        if (this.f14388a.q().length == 0 && this.f14388a.f14481g) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        NativeCrypto.i(this.f14392f, this.f14388a.f14480f);
        NativeCrypto.h(this.f14392f, this.f14388a.f14482h);
        if (this.f14388a.r.length > 0) {
            NativeCrypto.setApplicationProtocols(this.f14392f, x(), this.f14388a.r);
        }
        if (!x() && this.f14388a.s != null) {
            NativeCrypto.setApplicationProtocolSelector(this.f14392f, this.f14388a.s);
        }
        if (!x()) {
            HashSet hashSet = new HashSet();
            for (long j : NativeCrypto.SSL_get_ciphers(this.f14392f)) {
                String i2 = SSLUtils.i(j);
                if (i2 != null) {
                    hashSet.add(i2);
                }
            }
            X509KeyManager B = this.f14388a.B();
            if (B != null) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    try {
                        D(this.f14389c.a(B, (String) it.next()));
                    } catch (CertificateEncodingException e2) {
                        throw new IOException(e2);
                    }
                }
            }
            NativeCrypto.SSL_set_options(this.f14392f, 4194304L);
            if (this.f14388a.p != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(this.f14392f, this.f14388a.p);
            }
            if (this.f14388a.q != null) {
                NativeCrypto.SSL_set_ocsp_response(this.f14392f, this.f14388a.q);
            }
        }
        f();
        Log.d("ConscryptConstants", "useSessionTickets: " + this.f14388a.t);
        if (this.f14388a.t) {
            NativeCrypto.SSL_clear_options(this.f14392f, PlaybackStateCompat.ACTION_PREPARE);
        } else {
            NativeCrypto.SSL_set_options(this.f14392f, PlaybackStateCompat.ACTION_PREPARE | NativeCrypto.SSL_get_options(this.f14392f));
        }
        if (this.f14388a.z() && d.b(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.f14392f, str);
        }
        NativeCrypto.SSL_set_mode(this.f14392f, 256L);
        E(this.f14392f);
        G(l0Var);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void w() {
        NativeCrypto.SSL_interrupt(this.f14392f);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean y() {
        return this.f14392f == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public b z() {
        try {
            return new b();
        } catch (SSLException e2) {
            throw new RuntimeException(e2);
        }
    }
}
