package org.conscrypt;

import java.io.FileDescriptor;
import java.io.IOException;
import java.net.SocketException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;
import org.conscrypt.NativeCrypto;
import org.conscrypt.i;
import vf.h0;
import vf.j0;

/* loaded from: classes.dex */
public final class NativeSsl {

    /* renamed from: a, reason: collision with root package name */
    public final i f11594a;

    /* renamed from: b, reason: collision with root package name */
    public final NativeCrypto.SSLHandshakeCallbacks f11595b;

    /* renamed from: c, reason: collision with root package name */
    public final i.a f11596c;

    /* renamed from: d, reason: collision with root package name */
    public final i.b f11597d;

    /* renamed from: e, reason: collision with root package name */
    public X509Certificate[] f11598e;

    /* renamed from: f, reason: collision with root package name */
    public final ReentrantReadWriteLock f11599f = new ReentrantReadWriteLock();
    public volatile long g;

    /* loaded from: classes.dex */
    public final class a {

        /* renamed from: a, reason: collision with root package name */
        public volatile long f11600a;

        public a() {
            this.f11600a = NativeCrypto.SSL_BIO_new(NativeSsl.this.g, NativeSsl.this);
        }
    }

    public NativeSsl(long j6, i iVar, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, i.a aVar, i.b bVar) {
        this.g = j6;
        this.f11594a = iVar;
        this.f11595b = sSLHandshakeCallbacks;
        this.f11596c = aVar;
        this.f11597d = bVar;
    }

    public static NativeSsl h(i iVar, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, i.a aVar, i.b bVar) {
        AbstractSessionContext c10 = iVar.c();
        return new NativeSsl(NativeCrypto.SSL_new(c10.f11576c, c10), iVar, sSLHandshakeCallbacks, aVar, bVar);
    }

    public final void a() {
        this.f11599f.writeLock().lock();
        try {
            if (!g()) {
                long j6 = this.g;
                this.g = 0L;
                NativeCrypto.SSL_free(j6, this);
            }
        } finally {
            this.f11599f.writeLock().unlock();
        }
    }

    public final int b() {
        this.f11599f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_do_handshake(this.g, this, this.f11595b);
        } finally {
            this.f11599f.readLock().unlock();
        }
    }

    public final void c(FileDescriptor fileDescriptor, int i10) {
        this.f11599f.readLock().lock();
        try {
            if (g() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_do_handshake(this.g, this, fileDescriptor, this.f11595b, i10);
        } finally {
            this.f11599f.readLock().unlock();
        }
    }

    public final void d() {
        this.f11599f.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_force_read(this.g, this, this.f11595b);
        } finally {
            this.f11599f.readLock().unlock();
        }
    }

    public final int e() {
        this.f11599f.readLock().lock();
        try {
            if (!g()) {
                return NativeCrypto.SSL_pending_readable_bytes(this.g, this);
            }
            this.f11599f.readLock().unlock();
            return 0;
        } finally {
            this.f11599f.readLock().unlock();
        }
    }

    public final void f(String str) {
        X509Certificate[] acceptedIssuers;
        boolean d10;
        if (!this.f11594a.f11648u) {
            NativeCrypto.SSL_set_session_creation_enabled(this.g, this, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.g, this);
        boolean z10 = this.f11594a.f11645r;
        long j6 = this.g;
        boolean z11 = true;
        if (z10) {
            NativeCrypto.SSL_set_connect_state(j6, this);
            NativeCrypto.SSL_enable_ocsp_stapling(this.g, this);
            i iVar = this.f11594a;
            if (str == null) {
                iVar.getClass();
                d10 = false;
            } else {
                d10 = iVar.f11650x ? true : h0.d(str);
            }
            if (d10) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.g, this);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(j6, this);
            if (this.f11594a.f11652z != null) {
                NativeCrypto.SSL_enable_ocsp_stapling(this.g, this);
            }
        }
        if (((String[]) this.f11594a.f11643o.clone()).length == 0 && this.f11594a.f11644p) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        long j10 = this.g;
        String[] strArr = this.f11594a.f11643o;
        NativeCrypto.b(strArr);
        NativeCrypto.a d11 = NativeCrypto.d(strArr);
        NativeCrypto.SSL_set_protocol_versions(j10, this, NativeCrypto.c(d11.f11591a), NativeCrypto.c(d11.f11592b));
        long j11 = this.g;
        i iVar2 = this.f11594a;
        String[] strArr2 = iVar2.q;
        String[] strArr3 = iVar2.f11643o;
        NativeCrypto.a(strArr2);
        NativeCrypto.a d12 = NativeCrypto.d(strArr3);
        ArrayList arrayList = new ArrayList();
        for (String str2 : strArr2) {
            if (!str2.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
                if (str2.equals("TLS_FALLBACK_SCSV")) {
                    String str3 = d12.f11592b;
                    if (str3.equals("TLSv1") || str3.equals("TLSv1.1")) {
                        NativeCrypto.SSL_set_mode(j11, this, 1024L);
                    }
                }
                if ("SSL_RSA_WITH_3DES_EDE_CBC_SHA".equals(str2)) {
                    str2 = "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
                }
                arrayList.add(str2);
            }
        }
        NativeCrypto.SSL_set_cipher_lists(j11, this, (String[]) arrayList.toArray(new String[arrayList.size()]));
        if (this.f11594a.A.length > 0) {
            long j12 = this.g;
            i iVar3 = this.f11594a;
            NativeCrypto.setApplicationProtocols(j12, this, iVar3.f11645r, iVar3.A);
        }
        i iVar4 = this.f11594a;
        if (!iVar4.f11645r && iVar4.B != null) {
            NativeCrypto.setApplicationProtocolSelector(this.g, this, this.f11594a.B);
        }
        if (!this.f11594a.f11645r) {
            HashSet hashSet = new HashSet();
            for (long j13 : NativeCrypto.SSL_get_ciphers(this.g, this)) {
                boolean z12 = j0.f14739a;
                String SSL_CIPHER_get_kx_name = NativeCrypto.SSL_CIPHER_get_kx_name(j13);
                String str4 = "RSA";
                if (!SSL_CIPHER_get_kx_name.equals("RSA") && !SSL_CIPHER_get_kx_name.equals("DHE_RSA") && !SSL_CIPHER_get_kx_name.equals("ECDHE_RSA")) {
                    str4 = SSL_CIPHER_get_kx_name.equals("ECDHE_ECDSA") ? "EC" : null;
                }
                if (str4 != null) {
                    hashSet.add(str4);
                }
            }
            X509KeyManager x509KeyManager = this.f11594a.f11641m;
            if (x509KeyManager != null) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    try {
                        j(this.f11596c.b(x509KeyManager, (String) it.next()));
                    } catch (CertificateEncodingException e10) {
                        throw new IOException(e10);
                    }
                }
            }
            NativeCrypto.SSL_set_options(this.g, this, 4194304L);
            if (this.f11594a.f11651y != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(this.g, this, this.f11594a.f11651y);
            }
            if (this.f11594a.f11652z != null) {
                NativeCrypto.SSL_set_ocsp_response(this.g, this, this.f11594a.f11652z);
            }
        }
        this.f11594a.getClass();
        boolean z13 = this.f11594a.C;
        long j14 = this.g;
        if (z13) {
            NativeCrypto.SSL_clear_options(j14, this, 16384L);
        } else {
            NativeCrypto.SSL_set_options(j14, this, 16384 | NativeCrypto.SSL_get_options(this.g, this));
        }
        if (this.f11594a.d() && v5.a.J(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.g, this, str);
        }
        NativeCrypto.SSL_set_mode(this.g, this, 256L);
        i iVar5 = this.f11594a;
        if (!iVar5.f11645r) {
            if (iVar5.f11646s) {
                NativeCrypto.SSL_set_verify(this.g, this, 3);
            } else if (iVar5.f11647t) {
                NativeCrypto.SSL_set_verify(this.g, this, 1);
            } else {
                NativeCrypto.SSL_set_verify(this.g, this, 0);
                z11 = false;
            }
            if (z11 && (acceptedIssuers = this.f11594a.f11642n.getAcceptedIssuers()) != null && acceptedIssuers.length != 0) {
                try {
                    boolean z14 = j0.f14739a;
                    byte[][] bArr = new byte[acceptedIssuers.length];
                    for (int i10 = 0; i10 < acceptedIssuers.length; i10++) {
                        bArr[i10] = acceptedIssuers[i10].getSubjectX500Principal().getEncoded();
                    }
                    NativeCrypto.SSL_set_client_CA_list(this.g, this, bArr);
                } catch (CertificateEncodingException e11) {
                    throw new SSLException("Problem encoding principals", e11);
                }
            }
        }
        i iVar6 = this.f11594a;
        if (iVar6.E) {
            if (iVar6.f11645r) {
                throw new SSLHandshakeException("Invalid TLS channel ID key specified");
            }
            NativeCrypto.SSL_enable_tls_channel_id(this.g, this);
        }
    }

    public final void finalize() {
        try {
            a();
        } finally {
            super.finalize();
        }
    }

    public final boolean g() {
        return this.g == 0;
    }

    public final int i(FileDescriptor fileDescriptor, byte[] bArr, int i10, int i11, int i12) {
        this.f11599f.readLock().lock();
        try {
            if (g() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            return NativeCrypto.SSL_read(this.g, this, fileDescriptor, this.f11595b, bArr, i10, i11, i12);
        } finally {
            this.f11599f.readLock().unlock();
        }
    }

    public final void j(String str) {
        X509KeyManager x509KeyManager;
        PrivateKey privateKey;
        if (str == null || (x509KeyManager = this.f11594a.f11641m) == null || (privateKey = x509KeyManager.getPrivateKey(str)) == null) {
            return;
        }
        X509Certificate[] certificateChain = x509KeyManager.getCertificateChain(str);
        this.f11598e = certificateChain;
        if (certificateChain == null) {
            return;
        }
        int length = certificateChain.length;
        PublicKey publicKey = length > 0 ? certificateChain[0].getPublicKey() : null;
        byte[][] bArr = new byte[length];
        for (int i10 = 0; i10 < length; i10++) {
            bArr[i10] = this.f11598e[i10].getEncoded();
        }
        try {
            NativeCrypto.setLocalCertsAndPrivateKey(this.g, this, bArr, g.a(privateKey, publicKey).f11636a);
        } catch (InvalidKeyException e10) {
            throw new SSLException(e10);
        }
    }

    public final void k() {
        this.f11599f.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_shutdown(this.g, this, this.f11595b);
        } finally {
            this.f11599f.readLock().unlock();
        }
    }

    public final boolean l() {
        this.f11599f.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.g, this) & 2) != 0;
        } finally {
            this.f11599f.readLock().unlock();
        }
    }

    public final boolean m() {
        this.f11599f.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.g, this) & 1) != 0;
        } finally {
            this.f11599f.readLock().unlock();
        }
    }

    public final void n(FileDescriptor fileDescriptor, byte[] bArr, int i10, int i11, int i12) {
        this.f11599f.readLock().lock();
        try {
            if (g() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_write(this.g, this, fileDescriptor, this.f11595b, bArr, i10, i11, i12);
        } finally {
            this.f11599f.readLock().unlock();
        }
    }
}
