package org.conscrypt;

import java.io.FileDescriptor;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.SocketException;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import org.conscrypt.NativeCrypto;
import org.conscrypt.Pa;

/* JADX INFO: Access modifiers changed from: package-private */
/* renamed from: org.conscrypt.fa, reason: case insensitive filesystem */
/* loaded from: classes3.dex */
public final class C0883fa {

    /* renamed from: a, reason: collision with root package name */
    private volatile long f32799a;

    /* renamed from: a, reason: collision with other field name */
    private final ReadWriteLock f20487a = new ReentrantReadWriteLock();

    /* renamed from: a, reason: collision with other field name */
    private final NativeCrypto.b f20488a;

    /* renamed from: a, reason: collision with other field name */
    private final Pa.a f20489a;

    /* renamed from: a, reason: collision with other field name */
    private final Pa.b f20490a;

    /* renamed from: a, reason: collision with other field name */
    private final Pa f20491a;

    /* renamed from: a, reason: collision with other field name */
    private X509Certificate[] f20492a;

    /* renamed from: org.conscrypt.fa$a */
    /* loaded from: classes3.dex */
    final class a {

        /* renamed from: a, reason: collision with root package name */
        private volatile long f32800a;

        private a() throws SSLException {
            this.f32800a = NativeCrypto.SSL_BIO_new(C0883fa.this.f32799a, C0883fa.this);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int a() {
            C0883fa.this.f20487a.readLock().lock();
            try {
                return this.f32800a == 0 ? 0 : NativeCrypto.SSL_pending_written_bytes_in_BIO(this.f32800a);
            } finally {
                C0883fa.this.f20487a.readLock().unlock();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int a(long j, int i) throws IOException {
            C0883fa.this.f20487a.readLock().lock();
            try {
                if (C0883fa.this.m5486a()) {
                    throw new SSLException("Connection closed");
                }
                return NativeCrypto.ENGINE_SSL_read_BIO_direct(C0883fa.this.f32799a, C0883fa.this, this.f32800a, j, i, C0883fa.this.f20488a);
            } finally {
                C0883fa.this.f20487a.readLock().unlock();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* renamed from: a, reason: collision with other method in class */
        public void m5503a() {
            C0883fa.this.f20487a.writeLock().lock();
            try {
                long j = this.f32800a;
                this.f32800a = 0L;
                if (j != 0) {
                    NativeCrypto.BIO_free_all(j);
                }
            } finally {
                C0883fa.this.f20487a.writeLock().unlock();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int b(long j, int i) throws IOException {
            C0883fa.this.f20487a.readLock().lock();
            try {
                if (C0883fa.this.m5486a()) {
                    throw new SSLException("Connection closed");
                }
                return NativeCrypto.ENGINE_SSL_write_BIO_direct(C0883fa.this.f32799a, C0883fa.this, this.f32800a, j, i, C0883fa.this.f20488a);
            } finally {
                C0883fa.this.f20487a.readLock().unlock();
            }
        }
    }

    private C0883fa(long j, Pa pa, NativeCrypto.b bVar, Pa.a aVar, Pa.b bVar2) {
        this.f32799a = j;
        this.f20491a = pa;
        this.f20488a = bVar;
        this.f20489a = aVar;
        this.f20490a = bVar2;
    }

    private Set<String> a() {
        HashSet hashSet = new HashSet();
        for (long j : NativeCrypto.SSL_get_ciphers(this.f32799a, this)) {
            String a2 = Ra.a(j);
            if (a2 != null) {
                hashSet.add(a2);
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static C0883fa a(Pa pa, NativeCrypto.b bVar, Pa.a aVar, Pa.b bVar2) throws SSLException {
        AbstractC0882f m5454a = pa.m5454a();
        return new C0883fa(NativeCrypto.SSL_new(m5454a.f20485a, m5454a), pa, bVar, aVar, bVar2);
    }

    private void a(String str) throws CertificateEncodingException, SSLException {
        X509KeyManager m5451a;
        PrivateKey privateKey;
        if (str == null || (m5451a = this.f20491a.m5451a()) == null || (privateKey = m5451a.getPrivateKey(str)) == null) {
            return;
        }
        this.f20492a = m5451a.getCertificateChain(str);
        X509Certificate[] x509CertificateArr = this.f20492a;
        if (x509CertificateArr == null) {
            return;
        }
        int length = x509CertificateArr.length;
        PublicKey publicKey = length > 0 ? x509CertificateArr[0].getPublicKey() : null;
        byte[][] bArr = new byte[length];
        for (int i = 0; i < length; i++) {
            bArr[i] = this.f20492a[i].getEncoded();
        }
        try {
            NativeCrypto.setLocalCertsAndPrivateKey(this.f32799a, this, bArr, C0910ta.a(privateKey, publicKey).m5544a());
        } catch (InvalidKeyException e) {
            throw new SSLException(e);
        }
    }

    private void a(C0910ta c0910ta) throws SSLException {
        Pa pa = this.f20491a;
        if (pa.i) {
            if (!pa.d()) {
                NativeCrypto.SSL_enable_tls_channel_id(this.f32799a, this);
            } else {
                if (c0910ta == null) {
                    throw new SSLHandshakeException("Invalid TLS channel ID key specified");
                }
                NativeCrypto.SSL_set1_tls_channel_id(this.f32799a, this, c0910ta.m5544a());
            }
        }
    }

    private void b(String str) throws SSLHandshakeException {
        if (C0886h.b(str) && !La.a(this.f20491a, str)) {
            throw new SSLHandshakeException("SNI match failed: " + str);
        }
    }

    private boolean d() {
        return this.f20491a.d();
    }

    private void f() throws SSLException {
        PSKKeyManager m5453a = this.f20491a.m5453a();
        if (m5453a != null) {
            String[] strArr = this.f20491a.f20427c;
            int length = strArr.length;
            boolean z = false;
            int i = 0;
            while (true) {
                if (i < length) {
                    String str = strArr[i];
                    if (str != null && str.contains("PSK")) {
                        z = true;
                        break;
                    }
                    i++;
                } else {
                    break;
                }
            }
            if (z) {
                if (d()) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(this.f32799a, this, true);
                    return;
                }
                NativeCrypto.set_SSL_psk_server_callback_enabled(this.f32799a, this, true);
                NativeCrypto.SSL_use_psk_identity_hint(this.f32799a, this, this.f20490a.a(m5453a));
            }
        }
    }

    private void g() throws SSLException {
        X509Certificate[] acceptedIssuers;
        if (d()) {
            return;
        }
        boolean z = true;
        if (this.f20491a.m5461b()) {
            NativeCrypto.SSL_set_verify(this.f32799a, this, 3);
        } else if (this.f20491a.f()) {
            NativeCrypto.SSL_set_verify(this.f32799a, this, 1);
        } else {
            NativeCrypto.SSL_set_verify(this.f32799a, this, 0);
            z = false;
        }
        if (!z || (acceptedIssuers = this.f20491a.m5460b().getAcceptedIssuers()) == null || acceptedIssuers.length == 0) {
            return;
        }
        try {
            NativeCrypto.SSL_set_client_CA_list(this.f32799a, this, Ra.m5469a(acceptedIssuers));
        } catch (CertificateEncodingException e) {
            throw new SSLException("Problem encoding principals", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: a, reason: collision with other method in class */
    public int m5480a() throws IOException {
        this.f20487a.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_do_handshake(this.f32799a, this, this.f20488a);
        } finally {
            this.f20487a.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int a(int i) {
        return NativeCrypto.SSL_get_error(this.f32799a, this, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int a(long j, int i) throws IOException, CertificateException {
        this.f20487a.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_read_direct(this.f32799a, this, j, i, this.f20488a);
        } finally {
            this.f20487a.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int a(FileDescriptor fileDescriptor, byte[] bArr, int i, int i2, int i3) throws IOException {
        this.f20487a.readLock().lock();
        try {
            if (m5486a() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            return NativeCrypto.SSL_read(this.f32799a, this, fileDescriptor, this.f20488a, bArr, i, i2, i3);
        } finally {
            this.f20487a.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int a(String str, String str2, byte[] bArr) {
        byte[] encoded;
        PSKKeyManager m5453a = this.f20491a.m5453a();
        if (m5453a == null || (encoded = this.f20490a.a(m5453a, str, str2).getEncoded()) == null || encoded.length > bArr.length) {
            return 0;
        }
        System.arraycopy(encoded, 0, bArr, 0, encoded.length);
        return encoded.length;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int a(String str, byte[] bArr, byte[] bArr2) {
        byte[] bytes;
        PSKKeyManager m5453a = this.f20491a.m5453a();
        if (m5453a == null) {
            return 0;
        }
        String a2 = this.f20490a.a(m5453a, str);
        if (a2 == null) {
            bytes = E.f32695a;
            a2 = "";
        } else if (a2.isEmpty()) {
            bytes = E.f32695a;
        } else {
            try {
                bytes = a2.getBytes("UTF-8");
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException("UTF-8 encoding not supported", e);
            }
        }
        if (bytes.length + 1 > bArr.length) {
            return 0;
        }
        if (bytes.length > 0) {
            System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        }
        bArr[bytes.length] = 0;
        byte[] encoded = this.f20490a.a(m5453a, str, a2).getEncoded();
        if (encoded == null || encoded.length > bArr2.length) {
            return 0;
        }
        System.arraycopy(encoded, 0, bArr2, 0, encoded.length);
        return encoded.length;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: a, reason: collision with other method in class */
    public long m5481a() {
        return NativeCrypto.SSL_get_time(this.f32799a, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: a, reason: collision with other method in class */
    public String m5482a() {
        return NativeCrypto.b(NativeCrypto.SSL_get_current_cipher(this.f32799a, this));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: a, reason: collision with other method in class */
    public a m5483a() {
        try {
            return new a();
        } catch (SSLException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: a, reason: collision with other method in class */
    public void m5484a() {
        this.f20487a.writeLock().lock();
        try {
            if (!m5486a()) {
                long j = this.f32799a;
                this.f32799a = 0L;
                NativeCrypto.SSL_free(j, this);
            }
        } finally {
            this.f20487a.writeLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(long j) throws SSLException {
        NativeCrypto.SSL_set_session(this.f32799a, this, j);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(FileDescriptor fileDescriptor) throws IOException {
        NativeCrypto.SSL_shutdown(this.f32799a, this, fileDescriptor, this.f20488a);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(FileDescriptor fileDescriptor, int i) throws CertificateException, IOException {
        this.f20487a.readLock().lock();
        try {
            if (m5486a() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_do_handshake(this.f32799a, this, fileDescriptor, this.f20488a, i);
        } finally {
            this.f20487a.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: a, reason: collision with other method in class */
    public void m5485a(FileDescriptor fileDescriptor, byte[] bArr, int i, int i2, int i3) throws IOException {
        this.f20487a.readLock().lock();
        try {
            if (m5486a() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_write(this.f32799a, this, fileDescriptor, this.f20488a, bArr, i, i2, i3);
        } finally {
            this.f20487a.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(String str, C0910ta c0910ta) throws IOException {
        if (!this.f20491a.m5456a()) {
            NativeCrypto.SSL_set_session_creation_enabled(this.f32799a, this, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.f32799a, this);
        if (d()) {
            NativeCrypto.SSL_set_connect_state(this.f32799a, this);
            NativeCrypto.SSL_enable_ocsp_stapling(this.f32799a, this);
            if (this.f20491a.m5457a(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.f32799a, this);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.f32799a, this);
            if (this.f20491a.m5458a() != null) {
                NativeCrypto.SSL_enable_ocsp_stapling(this.f32799a, this);
            }
        }
        if (this.f20491a.m5464c().length == 0 && this.f20491a.f20420a) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        NativeCrypto.a(this.f32799a, this, this.f20491a.f20425b);
        long j = this.f32799a;
        Pa pa = this.f20491a;
        NativeCrypto.a(j, this, pa.f20427c, pa.f20425b);
        if (this.f20491a.f20426c.length > 0) {
            NativeCrypto.setApplicationProtocols(this.f32799a, this, d(), this.f20491a.f20426c);
        }
        if (!d() && this.f20491a.f20419a != null) {
            NativeCrypto.setHasApplicationProtocolSelector(this.f32799a, this, true);
        }
        if (!d()) {
            NativeCrypto.SSL_set_options(this.f32799a, this, 4194304L);
            if (this.f20491a.f20421a != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(this.f32799a, this, this.f20491a.f20421a);
            }
            if (this.f20491a.f20424b != null) {
                NativeCrypto.SSL_set_ocsp_response(this.f32799a, this, this.f20491a.f20424b);
            }
        }
        f();
        if (this.f20491a.h) {
            NativeCrypto.SSL_clear_options(this.f32799a, this, 16384L);
        } else {
            NativeCrypto.SSL_set_options(this.f32799a, this, 16384 | NativeCrypto.SSL_get_options(this.f32799a, this));
        }
        if (this.f20491a.e() && C0886h.b(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.f32799a, this, str);
        }
        NativeCrypto.SSL_set_mode(this.f32799a, this, 256L);
        g();
        a(c0910ta);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(byte[] bArr, int[] iArr, byte[][] bArr2) throws SSLException, CertificateEncodingException {
        X500Principal[] x500PrincipalArr;
        Set<String> a2 = Ra.a(bArr, iArr);
        String[] strArr = (String[]) a2.toArray(new String[a2.size()]);
        if (bArr2 == null) {
            x500PrincipalArr = null;
        } else {
            x500PrincipalArr = new X500Principal[bArr2.length];
            for (int i = 0; i < bArr2.length; i++) {
                x500PrincipalArr[i] = new X500Principal(bArr2[i]);
            }
        }
        X509KeyManager m5451a = this.f20491a.m5451a();
        a(m5451a != null ? this.f20489a.a(m5451a, x500PrincipalArr, strArr) : null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: a, reason: collision with other method in class */
    public boolean m5486a() {
        return this.f32799a == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: a, reason: collision with other method in class */
    public byte[] m5487a() {
        return NativeCrypto.getApplicationProtocol(this.f32799a, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] a(String str, byte[] bArr, int i) throws SSLException {
        if (str == null) {
            throw new NullPointerException("Label is null");
        }
        return NativeCrypto.SSL_export_keying_material(this.f32799a, this, str.getBytes(Charset.forName("US-ASCII")), bArr, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: a, reason: collision with other method in class */
    public X509Certificate[] m5488a() {
        return this.f20492a;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int b() {
        return NativeCrypto.SSL_max_seal_overhead(this.f32799a, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int b(long j, int i) throws IOException {
        this.f20487a.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_write_direct(this.f32799a, this, j, i, this.f20488a);
        } finally {
            this.f20487a.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: b, reason: collision with other method in class */
    public long m5489b() {
        return NativeCrypto.SSL_get_timeout(this.f32799a, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: b, reason: collision with other method in class */
    public String m5490b() {
        return NativeCrypto.SSL_get_servername(this.f32799a, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: b, reason: collision with other method in class */
    public void m5491b() throws IOException {
        X509KeyManager m5451a;
        b(m5490b());
        if (d() || (m5451a = this.f20491a.m5451a()) == null) {
            return;
        }
        Iterator<String> it = a().iterator();
        while (it.hasNext()) {
            try {
                a(this.f20489a.a(m5451a, it.next()));
            } catch (CertificateEncodingException e) {
                throw new IOException(e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(long j) {
        NativeCrypto.SSL_set_timeout(this.f32799a, this, j);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: b, reason: collision with other method in class */
    public boolean m5492b() {
        this.f20487a.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.f32799a, this) & 2) != 0;
        } finally {
            this.f20487a.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: b, reason: collision with other method in class */
    public byte[] m5493b() {
        return NativeCrypto.SSL_get_ocsp_response(this.f32799a, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: b, reason: collision with other method in class */
    public X509Certificate[] m5494b() throws CertificateException {
        byte[][] SSL_get0_peer_certificates = NativeCrypto.SSL_get0_peer_certificates(this.f32799a, this);
        if (SSL_get0_peer_certificates == null) {
            return null;
        }
        return Ra.a(SSL_get0_peer_certificates);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int c() {
        this.f20487a.readLock().lock();
        try {
            return !m5486a() ? NativeCrypto.SSL_pending_readable_bytes(this.f32799a, this) : 0;
        } finally {
            this.f20487a.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: c, reason: collision with other method in class */
    public String m5495c() {
        return NativeCrypto.SSL_get_version(this.f32799a, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: c, reason: collision with other method in class */
    public void m5496c() throws IOException {
        this.f20487a.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_force_read(this.f32799a, this, this.f20488a);
        } finally {
            this.f20487a.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: c, reason: collision with other method in class */
    public boolean m5497c() {
        this.f20487a.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.f32799a, this) & 1) != 0;
        } finally {
            this.f20487a.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: c, reason: collision with other method in class */
    public byte[] m5498c() {
        return NativeCrypto.SSL_get_signed_cert_timestamp_list(this.f32799a, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: d, reason: collision with other method in class */
    public void m5499d() {
        NativeCrypto.SSL_interrupt(this.f32799a, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: d, reason: collision with other method in class */
    public byte[] m5500d() {
        return NativeCrypto.SSL_session_id(this.f32799a, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void e() throws IOException {
        this.f20487a.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_shutdown(this.f32799a, this, this.f20488a);
        } finally {
            this.f20487a.readLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: e, reason: collision with other method in class */
    public byte[] m5501e() throws SSLException {
        return NativeCrypto.SSL_get_tls_channel_id(this.f32799a, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: f, reason: collision with other method in class */
    public byte[] m5502f() {
        return NativeCrypto.SSL_get_tls_unique(this.f32799a, this);
    }

    protected final void finalize() throws Throwable {
        try {
            m5484a();
        } finally {
            super.finalize();
        }
    }
}
