package org.conscrypt;

import android.support.v4.media.session.PlaybackStateCompat;
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.SocketException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Objects;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import oc.l0;
import oc.n0;
import oc.p0;
import org.conscrypt.NativeCrypto;
import org.conscrypt.h;

/* loaded from: classes5.dex */
public final class NativeSsl {

    /* renamed from: a, reason: collision with root package name */
    public final h f34381a;

    /* renamed from: b, reason: collision with root package name */
    public final NativeCrypto.SSLHandshakeCallbacks f34382b;

    /* renamed from: c, reason: collision with root package name */
    public final h.a f34383c;

    /* renamed from: d, reason: collision with root package name */
    public final h.b f34384d;

    /* renamed from: e, reason: collision with root package name */
    public final ReentrantReadWriteLock f34385e = new ReentrantReadWriteLock();

    /* renamed from: f, reason: collision with root package name */
    public volatile long f34386f;

    /* loaded from: classes5.dex */
    public final class a {

        /* renamed from: a, reason: collision with root package name */
        public volatile long f34387a;

        public a() throws SSLException {
            this.f34387a = NativeCrypto.SSL_BIO_new(NativeSsl.this.f34386f, NativeSsl.this);
        }
    }

    public NativeSsl(long j10, h hVar, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, h.a aVar, h.b bVar) {
        this.f34386f = j10;
        this.f34381a = hVar;
        this.f34382b = sSLHandshakeCallbacks;
        this.f34383c = aVar;
        this.f34384d = bVar;
    }

    public static NativeSsl h(h hVar, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, h.a aVar, h.b bVar) throws SSLException {
        AbstractSessionContext e10 = hVar.e();
        return new NativeSsl(NativeCrypto.SSL_new(e10.f34361c, e10), hVar, sSLHandshakeCallbacks, aVar, bVar);
    }

    public final void a() {
        this.f34385e.writeLock().lock();
        try {
            if (!g()) {
                long j10 = this.f34386f;
                this.f34386f = 0L;
                NativeCrypto.SSL_free(j10, this);
            }
        } finally {
            this.f34385e.writeLock().unlock();
        }
    }

    public final int b() throws IOException {
        this.f34385e.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_do_handshake(this.f34386f, this, this.f34382b);
        } finally {
            this.f34385e.readLock().unlock();
        }
    }

    public final void c(FileDescriptor fileDescriptor, int i2) throws CertificateException, IOException {
        this.f34385e.readLock().lock();
        try {
            if (g() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_do_handshake(this.f34386f, this, fileDescriptor, this.f34382b, i2);
        } finally {
            this.f34385e.readLock().unlock();
        }
    }

    public final void d() throws IOException {
        this.f34385e.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_force_read(this.f34386f, this, this.f34382b);
        } finally {
            this.f34385e.readLock().unlock();
        }
    }

    public final int e() {
        this.f34385e.readLock().lock();
        try {
            return !g() ? NativeCrypto.SSL_pending_readable_bytes(this.f34386f, this) : 0;
        } finally {
            this.f34385e.readLock().unlock();
        }
    }

    public final void f(String str) throws IOException {
        X509Certificate[] acceptedIssuers;
        boolean z10;
        if (!this.f34381a.f34495n) {
            NativeCrypto.SSL_set_session_creation_enabled(this.f34386f, this, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.f34386f, this);
        boolean z11 = true;
        if (this.f34381a.f34492k) {
            NativeCrypto.SSL_set_connect_state(this.f34386f, this);
            NativeCrypto.SSL_enable_ocsp_stapling(this.f34386f, this);
            h hVar = this.f34381a;
            Objects.requireNonNull(hVar);
            if (str == null ? false : hVar.f34500s ? true : n0.f(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.f34386f, this);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.f34386f, this);
            if (this.f34381a.f34502u != null) {
                NativeCrypto.SSL_enable_ocsp_stapling(this.f34386f, this);
            }
        }
        if (this.f34381a.d().length == 0 && this.f34381a.f34490i) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        long j10 = this.f34386f;
        String[] strArr = this.f34381a.f34489h;
        NativeCrypto.b(strArr);
        NativeCrypto.a e10 = NativeCrypto.e(strArr);
        NativeCrypto.SSL_set_protocol_versions(j10, this, NativeCrypto.d(e10.f34378a), NativeCrypto.d(e10.f34379b));
        long j11 = this.f34386f;
        h hVar2 = this.f34381a;
        String[] strArr2 = hVar2.f34491j;
        String[] strArr3 = hVar2.f34489h;
        NativeCrypto.a(strArr2);
        String str2 = NativeCrypto.e(strArr3).f34379b;
        ArrayList arrayList = new ArrayList();
        for (String str3 : strArr2) {
            if (!str3.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
                if (str3.equals("TLS_FALLBACK_SCSV") && (str2.equals("TLSv1") || str2.equals("TLSv1.1"))) {
                    NativeCrypto.SSL_set_mode(j11, this, PlaybackStateCompat.ACTION_PLAY_FROM_MEDIA_ID);
                } else {
                    if ("SSL_RSA_WITH_3DES_EDE_CBC_SHA".equals(str3)) {
                        str3 = "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
                    }
                    arrayList.add(str3);
                }
            }
        }
        NativeCrypto.SSL_set_cipher_lists(j11, this, (String[]) arrayList.toArray(new String[arrayList.size()]));
        if (this.f34381a.f34503v.length > 0) {
            long j12 = this.f34386f;
            h hVar3 = this.f34381a;
            NativeCrypto.setApplicationProtocols(j12, this, hVar3.f34492k, hVar3.f34503v);
        }
        h hVar4 = this.f34381a;
        if (!hVar4.f34492k && hVar4.f34504w != null) {
            NativeCrypto.setHasApplicationProtocolSelector(this.f34386f, this, true);
        }
        if (!this.f34381a.f34492k) {
            NativeCrypto.SSL_set_options(this.f34386f, this, PlaybackStateCompat.ACTION_SET_PLAYBACK_SPEED);
            if (this.f34381a.f34501t != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(this.f34386f, this, this.f34381a.f34501t);
            }
            if (this.f34381a.f34502u != null) {
                NativeCrypto.SSL_set_ocsp_response(this.f34386f, this, this.f34381a.f34502u);
            }
        }
        h hVar5 = this.f34381a;
        l0 l0Var = hVar5.f34487f;
        if (l0Var != null) {
            String[] strArr4 = hVar5.f34491j;
            int length = strArr4.length;
            int i2 = 0;
            while (true) {
                if (i2 >= length) {
                    z10 = false;
                    break;
                }
                String str4 = strArr4[i2];
                if (str4 != null && str4.contains("PSK")) {
                    z10 = true;
                    break;
                }
                i2++;
            }
            if (z10) {
                if (this.f34381a.f34492k) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(this.f34386f, this, true);
                } else {
                    NativeCrypto.set_SSL_psk_server_callback_enabled(this.f34386f, this, true);
                    NativeCrypto.SSL_use_psk_identity_hint(this.f34386f, this, this.f34384d.b(l0Var));
                }
            }
        }
        if (this.f34381a.f34505x) {
            NativeCrypto.SSL_clear_options(this.f34386f, this, PlaybackStateCompat.ACTION_PREPARE);
        } else {
            NativeCrypto.SSL_set_options(this.f34386f, this, PlaybackStateCompat.ACTION_PREPARE | NativeCrypto.SSL_get_options(this.f34386f, this));
        }
        if (this.f34381a.f() && p2.a.c(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.f34386f, this, str);
        }
        NativeCrypto.SSL_set_mode(this.f34386f, this, 256L);
        h hVar6 = this.f34381a;
        if (!hVar6.f34492k) {
            if (hVar6.f34493l) {
                NativeCrypto.SSL_set_verify(this.f34386f, this, 3);
            } else if (hVar6.f34494m) {
                NativeCrypto.SSL_set_verify(this.f34386f, this, 1);
            } else {
                NativeCrypto.SSL_set_verify(this.f34386f, this, 0);
                z11 = false;
            }
            if (z11 && (acceptedIssuers = this.f34381a.f34488g.getAcceptedIssuers()) != null && acceptedIssuers.length != 0) {
                try {
                    boolean z12 = p0.f33972a;
                    byte[][] bArr = new byte[acceptedIssuers.length];
                    for (int i10 = 0; i10 < acceptedIssuers.length; i10++) {
                        bArr[i10] = acceptedIssuers[i10].getSubjectX500Principal().getEncoded();
                    }
                    NativeCrypto.SSL_set_client_CA_list(this.f34386f, this, bArr);
                } catch (CertificateEncodingException e11) {
                    throw new SSLException("Problem encoding principals", e11);
                }
            }
        }
        h hVar7 = this.f34381a;
        if (hVar7.f34507z) {
            if (hVar7.f34492k) {
                throw new SSLHandshakeException("Invalid TLS channel ID key specified");
            }
            NativeCrypto.SSL_enable_tls_channel_id(this.f34386f, this);
        }
    }

    public final void finalize() throws Throwable {
        try {
            a();
        } finally {
            super.finalize();
        }
    }

    public final boolean g() {
        return this.f34386f == 0;
    }

    public final int i(FileDescriptor fileDescriptor, byte[] bArr, int i2, int i10, int i11) throws IOException {
        this.f34385e.readLock().lock();
        try {
            if (g() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            return NativeCrypto.SSL_read(this.f34386f, this, fileDescriptor, this.f34382b, bArr, i2, i10, i11);
        } finally {
            this.f34385e.readLock().unlock();
        }
    }

    public final void j() throws IOException {
        this.f34385e.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_shutdown(this.f34386f, this, this.f34382b);
        } finally {
            this.f34385e.readLock().unlock();
        }
    }

    public final boolean k() {
        this.f34385e.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.f34386f, this) & 2) != 0;
        } finally {
            this.f34385e.readLock().unlock();
        }
    }

    public final boolean l() {
        this.f34385e.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.f34386f, this) & 1) != 0;
        } finally {
            this.f34385e.readLock().unlock();
        }
    }

    public final void m(FileDescriptor fileDescriptor, byte[] bArr, int i2, int i10, int i11) throws IOException {
        this.f34385e.readLock().lock();
        try {
            if (g() || fileDescriptor == null || !fileDescriptor.valid()) {
                throw new SocketException("Socket is closed");
            }
            NativeCrypto.SSL_write(this.f34386f, this, fileDescriptor, this.f34382b, bArr, i2, i10, i11);
        } finally {
            this.f34385e.readLock().unlock();
        }
    }
}
