package org.openjsse.sun.security.ssl;

import java.io.IOException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import org.openjsse.javax.net.ssl.SSLSocket;
import org.openjsse.sun.security.ssl.Alert;
import org.openjsse.sun.security.ssl.SupportedGroupsExtension;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class TransportContext implements ConnectionContext {
    private static final byte[] emptyByteArray = new byte[0];
    final AccessControlContext acc;
    String applicationProtocol;
    CipherSuite cipherSuite;
    byte[] clientVerifyData;
    Exception closeReason;
    SSLSessionImpl conSession;
    final Map<Byte, SSLConsumer> consumers;
    Exception delegatedThrown;
    HandshakeContext handshakeContext;
    final InputRecord inputRecord;
    boolean isBroken;
    boolean isInputCloseNotified;
    boolean isNegotiated;
    boolean isUnsureMode;
    final OutputRecord outputRecord;
    boolean peerUserCanceled;
    ProtocolVersion protocolVersion;
    boolean secureRenegotiation;
    List<SupportedGroupsExtension.NamedGroup> serverRequestedNamedGroups;
    byte[] serverVerifyData;
    final SSLConfiguration sslConfig;
    final SSLContextImpl sslContext;
    final SSLTransport transport;

    /* renamed from: org.openjsse.sun.security.ssl.TransportContext$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$openjsse$sun$security$ssl$ContentType;

        static {
            int[] iArr = new int[ContentType.values().length];
            $SwitchMap$org$openjsse$sun$security$ssl$ContentType = iArr;
            try {
                iArr[ContentType.HANDSHAKE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$openjsse$sun$security$ssl$ContentType[ContentType.ALERT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes2.dex */
    public static class NotifyHandshake implements Runnable {
        private final HandshakeCompletedEvent event;
        private final Set<Map.Entry<HandshakeCompletedListener, AccessControlContext>> targets;

        public NotifyHandshake(Map<HandshakeCompletedListener, AccessControlContext> map, HandshakeCompletedEvent handshakeCompletedEvent) {
            this.targets = new HashSet(map.entrySet());
            this.event = handshakeCompletedEvent;
        }

        @Override // java.lang.Runnable
        public void run() {
            for (Map.Entry<HandshakeCompletedListener, AccessControlContext> entry : this.targets) {
                final HandshakeCompletedListener key = entry.getKey();
                AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: org.openjsse.sun.security.ssl.TransportContext.NotifyHandshake.1
                    @Override // java.security.PrivilegedAction
                    public Void run() {
                        key.handshakeCompleted(NotifyHandshake.this.event);
                        return null;
                    }
                }, entry.getValue());
            }
        }
    }

    public TransportContext(SSLContextImpl sSLContextImpl, SSLTransport sSLTransport, InputRecord inputRecord, OutputRecord outputRecord) {
        this(sSLContextImpl, sSLTransport, new SSLConfiguration(sSLContextImpl, false), inputRecord, outputRecord, true);
    }

    public TransportContext(SSLContextImpl sSLContextImpl, SSLTransport sSLTransport, InputRecord inputRecord, OutputRecord outputRecord, boolean z8) {
        this(sSLContextImpl, sSLTransport, new SSLConfiguration(sSLContextImpl, z8), inputRecord, outputRecord, false);
    }

    public TransportContext(SSLContextImpl sSLContextImpl, SSLTransport sSLTransport, SSLConfiguration sSLConfiguration, InputRecord inputRecord, OutputRecord outputRecord) {
        this(sSLContextImpl, sSLTransport, (SSLConfiguration) sSLConfiguration.clone(), inputRecord, outputRecord, false);
    }

    private TransportContext(SSLContextImpl sSLContextImpl, SSLTransport sSLTransport, SSLConfiguration sSLConfiguration, InputRecord inputRecord, OutputRecord outputRecord, boolean z8) {
        this.isNegotiated = false;
        this.isBroken = false;
        this.isInputCloseNotified = false;
        this.peerUserCanceled = false;
        this.closeReason = null;
        this.delegatedThrown = null;
        this.applicationProtocol = null;
        this.handshakeContext = null;
        this.secureRenegotiation = false;
        this.transport = sSLTransport;
        this.sslContext = sSLContextImpl;
        this.inputRecord = inputRecord;
        this.outputRecord = outputRecord;
        this.sslConfig = sSLConfiguration;
        if (sSLConfiguration.maximumPacketSize == 0) {
            sSLConfiguration.maximumPacketSize = outputRecord.getMaxPacketSize();
        }
        this.isUnsureMode = z8;
        this.conSession = new SSLSessionImpl();
        this.protocolVersion = sSLConfiguration.maximumProtocolVersion;
        byte[] bArr = emptyByteArray;
        this.clientVerifyData = bArr;
        this.serverVerifyData = bArr;
        this.acc = AccessController.getContext();
        this.consumers = new HashMap();
    }

    private void initiateInboundClose() {
        if (isInboundClosed()) {
            return;
        }
        this.inputRecord.close();
    }

    private void initiateOutboundClose() {
        closeNotify((this.isNegotiated || this.handshakeContext == null || this.peerUserCanceled) ? false : true);
    }

    private void passiveInboundClose() {
        HandshakeContext handshakeContext;
        ProtocolVersion protocolVersion;
        if (!isInboundClosed()) {
            this.inputRecord.close();
        }
        if (isOutboundClosed()) {
            return;
        }
        boolean z8 = SSLConfiguration.acknowledgeCloseNotify;
        if ((z8 || (!this.isNegotiated ? !((handshakeContext = this.handshakeContext) == null || ((protocolVersion = handshakeContext.negotiatedProtocol) != null && protocolVersion.useTLS13PlusSpec())) : !this.protocolVersion.useTLS13PlusSpec())) && !z8) {
            return;
        }
        closeNotify(false);
    }

    public void closeInbound() {
        if (isInboundClosed()) {
            return;
        }
        try {
            if (this.isInputCloseNotified) {
                passiveInboundClose();
            } else {
                initiateInboundClose();
            }
        } catch (IOException e9) {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.warning("inbound closure failed", e9);
            }
        }
    }

    public void closeNotify(boolean z8) {
        SSLTransport sSLTransport = this.transport;
        if (sSLTransport instanceof SSLSocketImpl) {
            ((SSLSocketImpl) sSLTransport).closeNotify(z8);
            return;
        }
        synchronized (this.outputRecord) {
            try {
                if (z8) {
                    try {
                        warning(Alert.USER_CANCELED);
                    } catch (Throwable th) {
                        this.outputRecord.close();
                        throw th;
                    }
                }
                warning(Alert.CLOSE_NOTIFY);
                this.outputRecord.close();
            } catch (Throwable th2) {
                throw th2;
            }
        }
    }

    public void closeOutbound() {
        if (isOutboundClosed()) {
            return;
        }
        try {
            initiateOutboundClose();
        } catch (IOException e9) {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.warning("outbound closure failed", e9);
            }
        }
    }

    public void dispatch(Plaintext plaintext) {
        if (plaintext == null) {
            return;
        }
        ContentType valueOf = ContentType.valueOf(plaintext.contentType);
        if (valueOf == null) {
            throw fatal(Alert.UNEXPECTED_MESSAGE, "Unknown content type: " + ((int) plaintext.contentType));
        }
        int i8 = AnonymousClass1.$SwitchMap$org$openjsse$sun$security$ssl$ContentType[valueOf.ordinal()];
        if (i8 != 1) {
            if (i8 == 2) {
                Alert.alertConsumer.consume(this, plaintext.fragment);
                return;
            }
            SSLConsumer sSLConsumer = this.consumers.get(Byte.valueOf(plaintext.contentType));
            if (sSLConsumer != null) {
                sSLConsumer.consume(this, plaintext.fragment);
                return;
            }
            throw fatal(Alert.UNEXPECTED_MESSAGE, "Unexpected content: " + ((int) plaintext.contentType));
        }
        byte handshakeType = HandshakeContext.getHandshakeType(this, plaintext);
        if (this.handshakeContext == null) {
            if (handshakeType != SSLHandshake.KEY_UPDATE.id && handshakeType != SSLHandshake.NEW_SESSION_TICKET.id) {
                this.handshakeContext = this.sslConfig.isClientMode ? new ClientHandshakeContext(this.sslContext, this) : new ServerHandshakeContext(this.sslContext, this);
                this.outputRecord.initHandshaker();
            } else {
                if (!this.isNegotiated) {
                    throw fatal(Alert.UNEXPECTED_MESSAGE, "Unexpected unnegotiated post-handshake message: " + SSLHandshake.nameOf(handshakeType));
                }
                if (!PostHandshakeContext.isConsumable(this, handshakeType)) {
                    throw fatal(Alert.UNEXPECTED_MESSAGE, "Unexpected post-handshake message: " + SSLHandshake.nameOf(handshakeType));
                }
                this.handshakeContext = new PostHandshakeContext(this);
            }
        }
        this.handshakeContext.dispatch(handshakeType, plaintext);
    }

    public SSLException fatal(Alert alert, String str) {
        return fatal(alert, str, null);
    }

    public SSLException fatal(Alert alert, String str, Throwable th) {
        return fatal(alert, str, false, th);
    }

    public SSLException fatal(Alert alert, String str, boolean z8, Throwable th) {
        SSLSessionImpl sSLSessionImpl;
        if (this.closeReason != null) {
            if (th == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.warning("Closed transport, general or untracked problem", new Object[0]);
                }
                throw alert.createSSLException("Closed transport, general or untracked problem");
            }
            if (th instanceof SSLException) {
                throw ((SSLException) th);
            }
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.warning("Closed transport, unexpected rethrowing", th);
            }
            throw alert.createSSLException("Unexpected rethrowing", th);
        }
        if (str == null) {
            str = th == null ? "General/Untracked problem" : th.getMessage();
        }
        if (th == null) {
            th = alert.createSSLException(str);
        }
        if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
            SSLLogger.severe("Fatal (" + alert + "): " + str, th);
        }
        if (th instanceof SSLException) {
            this.closeReason = (SSLException) th;
        } else {
            this.closeReason = alert.createSSLException(str, th);
        }
        try {
            this.inputRecord.close();
        } catch (IOException e9) {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.warning("Fatal: input record closure failed", e9);
            }
            this.closeReason.addSuppressed(e9);
        }
        SSLSessionImpl sSLSessionImpl2 = this.conSession;
        if (sSLSessionImpl2 != null) {
            sSLSessionImpl2.invalidate();
        }
        HandshakeContext handshakeContext = this.handshakeContext;
        if (handshakeContext != null && (sSLSessionImpl = handshakeContext.handshakeSession) != null) {
            sSLSessionImpl.invalidate();
        }
        if (!z8 && !isOutboundClosed() && !this.isBroken && (this.isNegotiated || this.handshakeContext != null)) {
            try {
                this.outputRecord.encodeAlert(Alert.Level.FATAL.level, alert.id);
            } catch (IOException e10) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.warning("Fatal: failed to send fatal alert " + alert, e10);
                }
                this.closeReason.addSuppressed(e10);
            }
        }
        try {
            this.outputRecord.close();
        } catch (IOException e11) {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.warning("Fatal: output record closure failed", e11);
            }
            this.closeReason.addSuppressed(e11);
        }
        if (this.handshakeContext != null) {
            this.handshakeContext = null;
        }
        try {
            try {
                this.transport.shutdown();
            } finally {
                this.isBroken = true;
            }
        } catch (IOException e12) {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.warning("Fatal: transport closure failed", e12);
            }
            this.closeReason.addSuppressed(e12);
        }
        Exception exc = this.closeReason;
        if (exc instanceof SSLException) {
            throw ((SSLException) exc);
        }
        throw ((RuntimeException) exc);
    }

    public SSLException fatal(Alert alert, Throwable th) {
        return fatal(alert, null, th);
    }

    public SSLEngineResult.HandshakeStatus finishHandshake() {
        HashMap<HandshakeCompletedListener, AccessControlContext> hashMap;
        if (this.protocolVersion.useTLS13PlusSpec()) {
            OutputRecord outputRecord = this.outputRecord;
            outputRecord.tc = this;
            InputRecord inputRecord = this.inputRecord;
            inputRecord.tc = this;
            HandshakeContext handshakeContext = this.handshakeContext;
            this.cipherSuite = handshakeContext.negotiatedCipherSuite;
            inputRecord.readCipher.baseSecret = handshakeContext.baseReadSecret;
            outputRecord.writeCipher.baseSecret = handshakeContext.baseWriteSecret;
        }
        this.handshakeContext = null;
        this.outputRecord.handshakeHash.finish();
        this.inputRecord.finishHandshake();
        this.outputRecord.finishHandshake();
        this.isNegotiated = true;
        if ((this.transport instanceof SSLSocket) && (hashMap = this.sslConfig.handshakeListeners) != null && !hashMap.isEmpty()) {
            new Thread(null, new NotifyHandshake(this.sslConfig.handshakeListeners, new HandshakeCompletedEvent((SSLSocket) this.transport, this.conSession)), "HandshakeCompletedNotify-Thread", 0L).start();
        }
        return SSLEngineResult.HandshakeStatus.FINISHED;
    }

    public SSLEngineResult.HandshakeStatus finishPostHandshake() {
        this.handshakeContext = null;
        return SSLEngineResult.HandshakeStatus.FINISHED;
    }

    public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        if (!this.outputRecord.isEmpty()) {
            return SSLEngineResult.HandshakeStatus.NEED_WRAP;
        }
        if (isOutboundClosed() && isInboundClosed()) {
            return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        }
        HandshakeContext handshakeContext = this.handshakeContext;
        if (handshakeContext != null) {
            if (!handshakeContext.delegatedActions.isEmpty()) {
                return SSLEngineResult.HandshakeStatus.NEED_TASK;
            }
            if (!isInboundClosed()) {
                return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
            }
            if (!isOutboundClosed()) {
                return SSLEngineResult.HandshakeStatus.NEED_WRAP;
            }
        }
        return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
    }

    public boolean isInboundClosed() {
        return this.inputRecord.isClosed();
    }

    public boolean isOutboundClosed() {
        return this.outputRecord.isClosed();
    }

    public boolean isOutboundDone() {
        return this.outputRecord.isClosed() && this.outputRecord.isEmpty();
    }

    public boolean isPostHandshakeContext() {
        HandshakeContext handshakeContext = this.handshakeContext;
        return handshakeContext != null && (handshakeContext instanceof PostHandshakeContext);
    }

    public void kickstart() {
        if (this.isUnsureMode) {
            throw new IllegalStateException("Client/Server mode not yet set.");
        }
        if (this.outputRecord.isClosed() || this.inputRecord.isClosed() || this.isBroken) {
            if (this.closeReason == null) {
                throw new SSLException("Cannot kickstart, the connection is broken or closed");
            }
            throw new SSLException("Cannot kickstart, the connection is broken or closed", this.closeReason);
        }
        if (this.handshakeContext == null) {
            if (this.isNegotiated && this.protocolVersion.useTLS13PlusSpec()) {
                this.handshakeContext = new PostHandshakeContext(this);
            } else {
                this.handshakeContext = this.sslConfig.isClientMode ? new ClientHandshakeContext(this.sslContext, this) : new ServerHandshakeContext(this.sslContext, this);
                this.outputRecord.initHandshaker();
            }
        }
        if (this.isNegotiated || this.sslConfig.isClientMode) {
            this.handshakeContext.kickstart();
        }
    }

    public boolean needUnwrapAgain() {
        HandshakeContext handshakeContext;
        if (this.outputRecord.isEmpty()) {
            return ((isOutboundClosed() && isInboundClosed()) || (handshakeContext = this.handshakeContext) == null || !handshakeContext.delegatedActions.isEmpty() || isInboundClosed() || !this.sslContext.isDTLS() || this.inputRecord.isEmpty() || getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_UNWRAP) ? false : true;
        }
        return false;
    }

    public void setUseClientMode(boolean z8) {
        if (this.handshakeContext != null || this.isNegotiated) {
            throw new IllegalArgumentException("Cannot change mode after SSL traffic has started");
        }
        SSLConfiguration sSLConfiguration = this.sslConfig;
        if (sSLConfiguration.isClientMode != z8) {
            if (this.sslContext.isDefaultProtocolVesions(sSLConfiguration.enabledProtocols)) {
                this.sslConfig.enabledProtocols = this.sslContext.getDefaultProtocolVersions(!z8);
            }
            if (this.sslContext.isDefaultCipherSuiteList(this.sslConfig.enabledCipherSuites)) {
                this.sslConfig.enabledCipherSuites = this.sslContext.getDefaultCipherSuites(!z8);
            }
            this.sslConfig.toggleClientMode();
        }
        this.isUnsureMode = false;
    }

    public void warning(Alert alert) {
        if (this.isNegotiated || this.handshakeContext != null) {
            try {
                this.outputRecord.encodeAlert(Alert.Level.WARNING.level, alert.id);
            } catch (IOException e9) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.warning("Warning: failed to send warning alert " + alert, e9);
                }
            }
        }
    }
}
