package org.conscrypt;

import android.support.v4.media.session.PlaybackStateCompat;
import defpackage.a86;
import defpackage.gq5;
import defpackage.k45;
import defpackage.ry5;
import defpackage.tw6;
import defpackage.uw6;
import defpackage.vw6;
import defpackage.yw6;
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.SocketException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;
import org.conscrypt.NativeCrypto;

/* loaded from: classes6.dex */
public final class NativeSsl {
    public final vw6 a;
    public final Object b;
    public final Object c;
    public final Object d;
    public X509Certificate[] e;
    public final ReentrantReadWriteLock f = new ReentrantReadWriteLock();
    public volatile long g;

    public NativeSsl(long j, vw6 vw6Var, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, tw6 tw6Var, uw6 uw6Var) {
        this.g = j;
        this.a = vw6Var;
        this.b = sSLHandshakeCallbacks;
        this.c = tw6Var;
        this.d = uw6Var;
    }

    public static NativeSsl h(vw6 vw6Var, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, tw6 tw6Var, uw6 uw6Var) {
        AbstractSessionContext e = vw6Var.e();
        return new NativeSsl(NativeCrypto.SSL_new(e.c, e), vw6Var, sSLHandshakeCallbacks, tw6Var, uw6Var);
    }

    public final void a() {
        this.f.writeLock().lock();
        try {
            if (!f()) {
                long j = this.g;
                this.g = 0L;
                NativeCrypto.SSL_free(j, this);
            }
        } finally {
            this.f.writeLock().unlock();
        }
    }

    /* JADX WARN: Type inference failed for: r2v0, types: [org.conscrypt.NativeCrypto$SSLHandshakeCallbacks, java.lang.Object] */
    public final int b() {
        this.f.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_do_handshake(this.g, this, this.b);
        } finally {
            this.f.readLock().unlock();
        }
    }

    /* JADX WARN: Type inference failed for: r5v0, types: [org.conscrypt.NativeCrypto$SSLHandshakeCallbacks, java.lang.Object] */
    public final void c(FileDescriptor fileDescriptor, int i) {
        this.f.readLock().lock();
        try {
            if (f() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_do_handshake(this.g, this, fileDescriptor, this.b, i);
        } finally {
            this.f.readLock().unlock();
        }
    }

    /* JADX WARN: Type inference failed for: r2v0, types: [org.conscrypt.NativeCrypto$SSLHandshakeCallbacks, java.lang.Object] */
    public final void d() {
        this.f.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_force_read(this.g, this, this.b);
        } finally {
            this.f.readLock().unlock();
        }
    }

    /* JADX WARN: Type inference failed for: r1v39, types: [uw6, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r5v8, types: [tw6, java.lang.Object] */
    public final void e(String str, ry5 ry5Var) {
        if (!this.a.u) {
            NativeCrypto.SSL_set_session_creation_enabled(this.g, this, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.g, this);
        if (this.a.i) {
            NativeCrypto.SSL_set_connect_state(this.g, this);
            NativeCrypto.SSL_enable_ocsp_stapling(this.g, this);
            this.a.getClass();
            if (str == null ? false : a86.d(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.g, this);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.g, this);
            this.a.getClass();
        }
        if (this.a.d().length == 0 && this.a.g) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        long j = this.g;
        String[] strArr = this.a.f;
        NativeCrypto.b(strArr);
        List asList = Arrays.asList(strArr);
        String str2 = null;
        String str3 = null;
        int i = 0;
        while (true) {
            String[] strArr2 = NativeCrypto.k;
            if (i >= strArr2.length) {
                break;
            }
            String str4 = strArr2[i];
            if (!asList.contains(str4)) {
                if (str2 != null) {
                    break;
                }
            } else {
                if (str2 == null) {
                    str2 = str4;
                }
                str3 = str4;
            }
            i++;
        }
        if (str2 == null || str3 == null) {
            throw new IllegalArgumentException("No protocols enabled.");
        }
        NativeCrypto.SSL_set_protocol_versions(j, this, NativeCrypto.c(str2), NativeCrypto.c(str3));
        long j2 = this.g;
        String[] strArr3 = this.a.h;
        NativeCrypto.a(strArr3);
        ArrayList arrayList = new ArrayList();
        for (String str5 : strArr3) {
            if (!str5.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
                if (str5.equals("TLS_FALLBACK_SCSV")) {
                    NativeCrypto.SSL_set_mode(j2, this, 1024L);
                } else {
                    if ("SSL_RSA_WITH_3DES_EDE_CBC_SHA".equals(str5)) {
                        str5 = "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
                    }
                    arrayList.add(str5);
                }
            }
        }
        NativeCrypto.SSL_set_cipher_lists(j2, this, (String[]) arrayList.toArray(new String[arrayList.size()]));
        if (this.a.x.length > 0) {
            long j3 = this.g;
            vw6 vw6Var = this.a;
            NativeCrypto.setApplicationProtocols(j3, this, vw6Var.i, vw6Var.x);
        }
        vw6 vw6Var2 = this.a;
        if (!vw6Var2.i && vw6Var2.y != null) {
            NativeCrypto.setApplicationProtocolSelector(this.g, this, this.a.y);
        }
        if (!this.a.i) {
            HashSet hashSet = new HashSet();
            for (long j4 : NativeCrypto.SSL_get_ciphers(this.g, this)) {
                boolean z = yw6.a;
                String SSL_CIPHER_get_kx_name = NativeCrypto.SSL_CIPHER_get_kx_name(j4);
                String str6 = "RSA";
                if (!SSL_CIPHER_get_kx_name.equals("RSA") && !SSL_CIPHER_get_kx_name.equals("DHE_RSA") && !SSL_CIPHER_get_kx_name.equals("ECDHE_RSA")) {
                    str6 = SSL_CIPHER_get_kx_name.equals("ECDHE_ECDSA") ? "EC" : null;
                }
                if (str6 != null) {
                    hashSet.add(str6);
                }
            }
            X509KeyManager x509KeyManager = this.a.c;
            if (x509KeyManager != null) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    try {
                        j(this.c.a(x509KeyManager, (String) it.next()));
                    } catch (CertificateEncodingException e) {
                        throw new IOException(e);
                    }
                }
            }
            NativeCrypto.SSL_set_options(this.g, this, PlaybackStateCompat.ACTION_SET_PLAYBACK_SPEED);
            this.a.getClass();
            this.a.getClass();
        }
        vw6 vw6Var3 = this.a;
        PSKKeyManager pSKKeyManager = vw6Var3.d;
        if (pSKKeyManager != null) {
            String[] strArr4 = vw6Var3.h;
            int length = strArr4.length;
            int i2 = 0;
            while (true) {
                if (i2 >= length) {
                    break;
                }
                String str7 = strArr4[i2];
                if (str7 == null || !str7.contains("PSK")) {
                    i2++;
                } else if (this.a.i) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(this.g, this, true);
                } else {
                    NativeCrypto.set_SSL_psk_server_callback_enabled(this.g, this, true);
                    NativeCrypto.SSL_use_psk_identity_hint(this.g, this, this.d.b(pSKKeyManager));
                }
            }
        }
        if (this.a.z) {
            NativeCrypto.SSL_clear_options(this.g, this, 16384L);
        } else {
            NativeCrypto.SSL_set_options(this.g, this, 16384 | NativeCrypto.SSL_get_options(this.g, this));
        }
        if (this.a.f() && k45.I(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.g, this, str);
        }
        NativeCrypto.SSL_set_mode(this.g, this, 256L);
        vw6 vw6Var4 = this.a;
        if (!vw6Var4.i) {
            if (vw6Var4.j) {
                NativeCrypto.SSL_set_verify(this.g, this, 3);
            } else if (vw6Var4.t) {
                NativeCrypto.SSL_set_verify(this.g, this, 1);
            } else {
                NativeCrypto.SSL_set_verify(this.g, this, 0);
            }
            X509Certificate[] acceptedIssuers = this.a.e.getAcceptedIssuers();
            if (acceptedIssuers != null && acceptedIssuers.length != 0) {
                try {
                    boolean z2 = yw6.a;
                    byte[][] bArr = new byte[acceptedIssuers.length];
                    for (int i3 = 0; i3 < acceptedIssuers.length; i3++) {
                        bArr[i3] = acceptedIssuers[i3].getSubjectX500Principal().getEncoded();
                    }
                    NativeCrypto.SSL_set_client_CA_list(this.g, this, bArr);
                } catch (CertificateEncodingException e2) {
                    throw new SSLException("Problem encoding principals", e2);
                }
            }
        }
        vw6 vw6Var5 = this.a;
        if (vw6Var5.B) {
            if (!vw6Var5.i) {
                NativeCrypto.SSL_enable_tls_channel_id(this.g, this);
            } else {
                if (ry5Var == null) {
                    throw new SSLHandshakeException("Invalid TLS channel ID key specified");
                }
                NativeCrypto.SSL_set1_tls_channel_id(this.g, this, ry5Var.a);
            }
        }
    }

    public final boolean f() {
        return this.g == 0;
    }

    public final void finalize() {
        try {
            a();
        } finally {
            super.finalize();
        }
    }

    public final gq5 g() {
        try {
            return new gq5(this);
        } catch (SSLException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX WARN: Type inference failed for: r5v0, types: [org.conscrypt.NativeCrypto$SSLHandshakeCallbacks, java.lang.Object] */
    public final int i(FileDescriptor fileDescriptor, byte[] bArr, int i, int i2, int i3) {
        this.f.readLock().lock();
        try {
            if (f() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            return NativeCrypto.SSL_read(this.g, this, fileDescriptor, this.b, bArr, i, i2, i3);
        } finally {
            this.f.readLock().unlock();
        }
    }

    public final void j(String str) {
        X509KeyManager x509KeyManager;
        PrivateKey privateKey;
        if (str == null || (x509KeyManager = this.a.c) == null || (privateKey = x509KeyManager.getPrivateKey(str)) == null) {
            return;
        }
        X509Certificate[] certificateChain = x509KeyManager.getCertificateChain(str);
        this.e = certificateChain;
        if (certificateChain == null) {
            return;
        }
        int length = certificateChain.length;
        PublicKey publicKey = length > 0 ? certificateChain[0].getPublicKey() : null;
        byte[][] bArr = new byte[length];
        for (int i = 0; i < length; i++) {
            bArr[i] = this.e[i].getEncoded();
        }
        try {
            NativeCrypto.setLocalCertsAndPrivateKey(this.g, this, bArr, ry5.c(privateKey, publicKey).a);
        } catch (InvalidKeyException e) {
            throw new SSLException(e);
        }
    }

    /* JADX WARN: Type inference failed for: r5v0, types: [org.conscrypt.NativeCrypto$SSLHandshakeCallbacks, java.lang.Object] */
    public final void k(FileDescriptor fileDescriptor, byte[] bArr, int i, int i2, int i3) {
        this.f.readLock().lock();
        try {
            if (f() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_write(this.g, this, fileDescriptor, this.b, bArr, i, i2, i3);
        } finally {
            this.f.readLock().unlock();
        }
    }
}
