package org.conscrypt;

import i10.r0;
import i10.w0;
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.SocketException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import okhttp3.internal.http2.Http2Stream;
import org.conscrypt.NativeCrypto;
import org.conscrypt.j;

/* loaded from: classes2.dex */
public final class NativeSsl {

    /* renamed from: a, reason: collision with root package name */
    public final j f65989a;

    /* renamed from: b, reason: collision with root package name */
    public final NativeCrypto.SSLHandshakeCallbacks f65990b;

    /* renamed from: c, reason: collision with root package name */
    public final j.a f65991c;

    /* renamed from: d, reason: collision with root package name */
    public final j.b f65992d;

    /* renamed from: e, reason: collision with root package name */
    public X509Certificate[] f65993e;

    /* renamed from: f, reason: collision with root package name */
    public final ReadWriteLock f65994f = new ReentrantReadWriteLock();

    /* renamed from: g, reason: collision with root package name */
    public volatile long f65995g;

    /* loaded from: classes2.dex */
    public final class b {

        /* renamed from: a, reason: collision with root package name */
        public volatile long f65996a;

        public b() throws SSLException {
            this.f65996a = NativeCrypto.SSL_BIO_new(NativeSsl.this.f65995g, NativeSsl.this);
        }

        public void a() {
            NativeSsl.this.f65994f.writeLock().lock();
            try {
                long j11 = this.f65996a;
                this.f65996a = 0L;
                if (j11 != 0) {
                    NativeCrypto.BIO_free_all(j11);
                }
            } finally {
                NativeSsl.this.f65994f.writeLock().unlock();
            }
        }

        public int b() {
            NativeSsl.this.f65994f.readLock().lock();
            try {
                return this.f65996a == 0 ? 0 : NativeCrypto.SSL_pending_written_bytes_in_BIO(this.f65996a);
            } finally {
                NativeSsl.this.f65994f.readLock().unlock();
            }
        }

        public int c(long j11, int i11) throws IOException {
            NativeSsl.this.f65994f.readLock().lock();
            try {
                if (NativeSsl.this.z()) {
                    throw new SSLException("Connection closed");
                }
                return NativeCrypto.ENGINE_SSL_read_BIO_direct(NativeSsl.this.f65995g, NativeSsl.this, this.f65996a, j11, i11, NativeSsl.this.f65990b);
            } finally {
                NativeSsl.this.f65994f.readLock().unlock();
            }
        }

        public int d(long j11, int i11) throws IOException {
            NativeSsl.this.f65994f.readLock().lock();
            try {
                if (NativeSsl.this.z()) {
                    throw new SSLException("Connection closed");
                }
                return NativeCrypto.ENGINE_SSL_write_BIO_direct(NativeSsl.this.f65995g, NativeSsl.this, this.f65996a, j11, i11, NativeSsl.this.f65990b);
            } finally {
                NativeSsl.this.f65994f.readLock().unlock();
            }
        }
    }

    public NativeSsl(long j11, j jVar, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, j.a aVar, j.b bVar) {
        this.f65995g = j11;
        this.f65989a = jVar;
        this.f65990b = sSLHandshakeCallbacks;
        this.f65991c = aVar;
        this.f65992d = bVar;
    }

    public static NativeSsl B(j jVar, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, j.a aVar, j.b bVar) throws SSLException {
        AbstractSessionContext y10 = jVar.y();
        return new NativeSsl(NativeCrypto.SSL_new(y10.f65965c, y10), jVar, sSLHandshakeCallbacks, aVar, bVar);
    }

    public b A() {
        try {
            return new b();
        } catch (SSLException e11) {
            throw new RuntimeException(e11);
        }
    }

    public int C(FileDescriptor fileDescriptor, byte[] bArr, int i11, int i12, int i13) throws IOException {
        this.f65994f.readLock().lock();
        try {
            if (z() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            return NativeCrypto.SSL_read(this.f65995g, this, fileDescriptor, this.f65990b, bArr, i11, i12, i13);
        } finally {
            this.f65994f.readLock().unlock();
        }
    }

    public int D(long j11, int i11) throws IOException, CertificateException {
        this.f65994f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_read_direct(this.f65995g, this, j11, i11, this.f65990b);
        } finally {
            this.f65994f.readLock().unlock();
        }
    }

    public final void E() throws SSLException {
        if (y()) {
            return;
        }
        if (this.f65989a.u()) {
            NativeCrypto.SSL_set_verify(this.f65995g, this, 3);
        } else {
            if (!this.f65989a.C()) {
                NativeCrypto.SSL_set_verify(this.f65995g, this, 0);
                return;
            }
            NativeCrypto.SSL_set_verify(this.f65995g, this, 1);
        }
        X509Certificate[] acceptedIssuers = this.f65989a.D().getAcceptedIssuers();
        if (acceptedIssuers == null || acceptedIssuers.length == 0) {
            return;
        }
        try {
            NativeCrypto.SSL_set_client_CA_list(this.f65995g, this, w0.g(acceptedIssuers));
        } catch (CertificateEncodingException e11) {
            throw new SSLException("Problem encoding principals", e11);
        }
    }

    public void F(long j11) {
        NativeCrypto.SSL_set_timeout(this.f65995g, this, j11);
    }

    public final void G(h hVar) throws SSLException {
        j jVar = this.f65989a;
        if (jVar.f66111x) {
            if (!jVar.A()) {
                NativeCrypto.SSL_enable_tls_channel_id(this.f65995g, this);
            } else {
                if (hVar == null) {
                    throw new SSLHandshakeException("Invalid TLS channel ID key specified");
                }
                NativeCrypto.SSL_set1_tls_channel_id(this.f65995g, this, hVar.a());
            }
        }
    }

    public void H() throws IOException {
        this.f65994f.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_shutdown(this.f65995g, this, this.f65990b);
        } finally {
            this.f65994f.readLock().unlock();
        }
    }

    public void I(FileDescriptor fileDescriptor) throws IOException {
        NativeCrypto.SSL_shutdown(this.f65995g, this, fileDescriptor, this.f65990b);
    }

    public boolean J() {
        this.f65994f.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.f65995g, this) & 2) != 0;
        } finally {
            this.f65994f.readLock().unlock();
        }
    }

    public boolean K() {
        this.f65994f.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.f65995g, this) & 1) != 0;
        } finally {
            this.f65994f.readLock().unlock();
        }
    }

    public void L(FileDescriptor fileDescriptor, byte[] bArr, int i11, int i12, int i13) throws IOException {
        this.f65994f.readLock().lock();
        try {
            if (z() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_write(this.f65995g, this, fileDescriptor, this.f65990b, bArr, i11, i12, i13);
        } finally {
            this.f65994f.readLock().unlock();
        }
    }

    public int M(long j11, int i11) throws IOException {
        this.f65994f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_write_direct(this.f65995g, this, j11, i11, this.f65990b);
        } finally {
            this.f65994f.readLock().unlock();
        }
    }

    public void d() {
        this.f65994f.writeLock().lock();
        try {
            if (!z()) {
                long j11 = this.f65995g;
                this.f65995g = 0L;
                NativeCrypto.SSL_free(j11, this);
            }
        } finally {
            this.f65994f.writeLock().unlock();
        }
    }

    public int e() throws IOException {
        this.f65994f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_do_handshake(this.f65995g, this, this.f65990b);
        } finally {
            this.f65994f.readLock().unlock();
        }
    }

    public void f(FileDescriptor fileDescriptor, int i11) throws CertificateException, IOException {
        this.f65994f.readLock().lock();
        try {
            if (z() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_do_handshake(this.f65995g, this, fileDescriptor, this.f65990b, i11);
        } finally {
            this.f65994f.readLock().unlock();
        }
    }

    public final void finalize() throws Throwable {
        try {
            d();
        } finally {
            super.finalize();
        }
    }

    public final void g() throws SSLException {
        r0 w10 = this.f65989a.w();
        if (w10 != null) {
            for (String str : this.f65989a.f66095h) {
                if (str != null && str.contains("PSK")) {
                    if (y()) {
                        NativeCrypto.set_SSL_psk_client_callback_enabled(this.f65995g, this, true);
                        return;
                    }
                    NativeCrypto.set_SSL_psk_server_callback_enabled(this.f65995g, this, true);
                    NativeCrypto.SSL_use_psk_identity_hint(this.f65995g, this, this.f65992d.a(w10));
                    return;
                }
            }
        }
    }

    public void h() throws IOException {
        this.f65994f.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_force_read(this.f65995g, this, this.f65990b);
        } finally {
            this.f65994f.readLock().unlock();
        }
    }

    public byte[] i() {
        return NativeCrypto.getApplicationProtocol(this.f65995g, this);
    }

    public String j() {
        return NativeCrypto.e(NativeCrypto.SSL_get_current_cipher(this.f65995g, this));
    }

    public int k(int i11) {
        return NativeCrypto.SSL_get_error(this.f65995g, this, i11);
    }

    public X509Certificate[] l() {
        return this.f65993e;
    }

    public int m() {
        return NativeCrypto.SSL_max_seal_overhead(this.f65995g, this);
    }

    public byte[] n() {
        return NativeCrypto.SSL_get_ocsp_response(this.f65995g, this);
    }

    public X509Certificate[] o() throws CertificateException {
        byte[][] SSL_get0_peer_certificates = NativeCrypto.SSL_get0_peer_certificates(this.f65995g, this);
        if (SSL_get0_peer_certificates == null) {
            return null;
        }
        return w0.e(SSL_get0_peer_certificates);
    }

    public byte[] p() {
        return NativeCrypto.SSL_get_signed_cert_timestamp_list(this.f65995g, this);
    }

    public int q() {
        this.f65994f.readLock().lock();
        try {
            if (!z()) {
                return NativeCrypto.SSL_pending_readable_bytes(this.f65995g, this);
            }
            this.f65994f.readLock().unlock();
            return 0;
        } finally {
            this.f65994f.readLock().unlock();
        }
    }

    public String r() {
        return NativeCrypto.SSL_get_servername(this.f65995g, this);
    }

    public byte[] s() {
        return NativeCrypto.SSL_session_id(this.f65995g, this);
    }

    public long t() {
        return NativeCrypto.SSL_get_time(this.f65995g, this);
    }

    public long u() {
        return NativeCrypto.SSL_get_timeout(this.f65995g, this);
    }

    public String v() {
        return NativeCrypto.SSL_get_version(this.f65995g, this);
    }

    public void w(String str, h hVar) throws IOException {
        if (!this.f65989a.q()) {
            NativeCrypto.SSL_set_session_creation_enabled(this.f65995g, this, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.f65995g, this);
        if (y()) {
            NativeCrypto.SSL_set_connect_state(this.f65995g, this);
            NativeCrypto.SSL_enable_ocsp_stapling(this.f65995g, this);
            if (this.f65989a.E(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.f65995g, this);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.f65995g, this);
            if (this.f65989a.v() != null) {
                NativeCrypto.SSL_enable_ocsp_stapling(this.f65995g, this);
            }
        }
        if (this.f65989a.s().length == 0 && this.f65989a.f66094g) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        NativeCrypto.k(this.f65995g, this, this.f65989a.f66093f);
        long j11 = this.f65995g;
        j jVar = this.f65989a;
        NativeCrypto.j(j11, this, jVar.f66095h, jVar.f66093f);
        if (this.f65989a.f66107t.length > 0) {
            NativeCrypto.setApplicationProtocols(this.f65995g, this, y(), this.f65989a.f66107t);
        }
        if (!y() && this.f65989a.f66108u != null) {
            NativeCrypto.setHasApplicationProtocolSelector(this.f65995g, this, true);
        }
        if (!y()) {
            NativeCrypto.SSL_set_options(this.f65995g, this, 4194304L);
            if (this.f65989a.f66105r != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(this.f65995g, this, this.f65989a.f66105r);
            }
            if (this.f65989a.f66106s != null) {
                NativeCrypto.SSL_set_ocsp_response(this.f65995g, this, this.f65989a.f66106s);
            }
        }
        g();
        if (this.f65989a.f66109v) {
            NativeCrypto.SSL_clear_options(this.f65995g, this, Http2Stream.EMIT_BUFFER_SIZE);
        } else {
            NativeCrypto.SSL_set_options(this.f65995g, this, NativeCrypto.SSL_get_options(this.f65995g, this) | Http2Stream.EMIT_BUFFER_SIZE);
        }
        if (this.f65989a.B() && i10.d.b(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.f65995g, this, str);
        }
        NativeCrypto.SSL_set_mode(this.f65995g, this, 256L);
        E();
        G(hVar);
    }

    public void x() {
        NativeCrypto.SSL_interrupt(this.f65995g, this);
    }

    public final boolean y() {
        return this.f65989a.A();
    }

    public boolean z() {
        return this.f65995g == 0;
    }
}
