package org.conscrypt;

import defpackage.andf;
import defpackage.anen;
import defpackage.aner;
import defpackage.anet;
import defpackage.aneu;
import defpackage.anfa;
import defpackage.anfe;
import defpackage.anff;
import defpackage.anfg;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.security.spec.ECParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.X509KeyManager;
import org.conscrypt.NativeCrypto;

/* loaded from: classes3.dex */
public final class NativeSsl {
    public final NativeCrypto.SSLHandshakeCallbacks a;
    public X509Certificate[] b;
    public final ReadWriteLock c = new ReentrantReadWriteLock();
    public volatile long d;
    private final anfe e;
    private final anff f;

    private NativeSsl(long j, anfe anfeVar, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, anff anffVar) {
        this.d = j;
        this.e = anfeVar;
        this.a = sSLHandshakeCallbacks;
        this.f = anffVar;
    }

    public static NativeSsl a(anfe anfeVar, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, anff anffVar) {
        AbstractSessionContext b = anfeVar.b();
        return new NativeSsl(NativeCrypto.SSL_new(b.b, b), anfeVar, sSLHandshakeCallbacks, anffVar);
    }

    private final void b(String str) {
        X509KeyManager x509KeyManager;
        PrivateKey privateKey;
        byte[] encoded;
        if (str == null || (x509KeyManager = this.e.b) == null || (privateKey = x509KeyManager.getPrivateKey(str)) == null) {
            return;
        }
        this.b = x509KeyManager.getCertificateChain(str);
        X509Certificate[] x509CertificateArr = this.b;
        if (x509CertificateArr != null) {
            int length = x509CertificateArr.length;
            BigInteger bigInteger = null;
            ECParameterSpec params = null;
            PublicKey publicKey = length > 0 ? x509CertificateArr[0].getPublicKey() : null;
            byte[][] bArr = new byte[length];
            for (int i = 0; i < length; i++) {
                bArr[i] = this.b[i].getEncoded();
            }
            try {
                anet a = privateKey instanceof aneu ? ((aneu) privateKey).a() : "RSA".equals(privateKey.getAlgorithm()) ? anfa.a(privateKey) : null;
                if (a == null) {
                    if (!"PKCS#8".equals(privateKey.getFormat()) || (encoded = privateKey.getEncoded()) == null) {
                        a = null;
                    } else {
                        try {
                            a = new anet(NativeCrypto.EVP_parse_private_key(encoded));
                        } catch (OpenSSLX509CertificateFactory$ParsingException e) {
                            throw new InvalidKeyException(e);
                        }
                    }
                    if (a == null) {
                        String algorithm = privateKey.getAlgorithm();
                        if ("RSA".equals(algorithm)) {
                            if (privateKey instanceof RSAKey) {
                                bigInteger = ((RSAKey) privateKey).getModulus();
                            } else if (publicKey instanceof RSAKey) {
                                bigInteger = ((RSAKey) publicKey).getModulus();
                            }
                            if (bigInteger == null) {
                                String valueOf = String.valueOf(privateKey);
                                String valueOf2 = String.valueOf(publicKey);
                                StringBuilder sb = new StringBuilder(String.valueOf(valueOf).length() + 46 + String.valueOf(valueOf2).length());
                                sb.append("RSA modulus not available. Private: ");
                                sb.append(valueOf);
                                sb.append(", public: ");
                                sb.append(valueOf2);
                                throw new InvalidKeyException(sb.toString());
                            }
                            a = new anet(NativeCrypto.getRSAPrivateKeyWrapper(privateKey, bigInteger.toByteArray()), (byte) 0);
                        } else {
                            if (!"EC".equals(algorithm)) {
                                String valueOf3 = String.valueOf(algorithm);
                                throw new InvalidKeyException(valueOf3.length() != 0 ? "Unsupported key algorithm: ".concat(valueOf3) : new String("Unsupported key algorithm: "));
                            }
                            if (privateKey instanceof ECKey) {
                                params = ((ECKey) privateKey).getParams();
                            } else if (publicKey instanceof ECKey) {
                                params = ((ECKey) publicKey).getParams();
                            }
                            if (params == null) {
                                String valueOf4 = String.valueOf(privateKey);
                                String valueOf5 = String.valueOf(publicKey);
                                StringBuilder sb2 = new StringBuilder(String.valueOf(valueOf4).length() + 48 + String.valueOf(valueOf5).length());
                                sb2.append("EC parameters not available. Private: ");
                                sb2.append(valueOf4);
                                sb2.append(", public: ");
                                sb2.append(valueOf5);
                                throw new InvalidKeyException(sb2.toString());
                            }
                            a = aner.a(privateKey, params);
                        }
                    }
                }
                NativeCrypto.setLocalCertsAndPrivateKey(this.d, this, bArr, a.a);
            } catch (InvalidKeyException e2) {
                throw new SSLException(e2);
            }
        }
    }

    private final void g() {
        if (h()) {
            return;
        }
        anfe anfeVar = this.e;
        if (anfeVar.h) {
            NativeCrypto.SSL_set_verify(this.d, this, 3);
        } else {
            if (!anfeVar.i) {
                NativeCrypto.SSL_set_verify(this.d, this, 0);
                return;
            }
            NativeCrypto.SSL_set_verify(this.d, this, 1);
        }
        X509Certificate[] acceptedIssuers = this.e.c.getAcceptedIssuers();
        if (acceptedIssuers == null || acceptedIssuers.length == 0) {
            return;
        }
        try {
            NativeCrypto.SSL_set_client_CA_list(this.d, this, anfg.a(acceptedIssuers));
        } catch (CertificateEncodingException e) {
            throw new SSLException("Problem encoding principals", e);
        }
    }

    private final boolean h() {
        return this.e.g;
    }

    public final anen a() {
        try {
            return new anen(this);
        } catch (SSLException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public final void a(String str) {
        if (!this.e.j) {
            NativeCrypto.SSL_set_session_creation_enabled(this.d, this, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.d, this);
        if (h()) {
            NativeCrypto.SSL_set_connect_state(this.d, this);
            NativeCrypto.SSL_enable_ocsp_stapling(this.d, this);
            if (str != null && anfa.c(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.d, this);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.d, this);
        }
        if (this.e.d().length == 0 && this.e.e) {
            throw new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
        }
        long j = this.d;
        String[] strArr = this.e.d;
        NativeCrypto.a(strArr);
        List asList = Arrays.asList(strArr);
        String str2 = null;
        String str3 = null;
        for (int i = 0; i < NativeCrypto.e.length; i++) {
            String str4 = NativeCrypto.e[i];
            if (!asList.contains(str4)) {
                if (str2 != null) {
                    break;
                }
            } else if (str2 != null) {
                str3 = str4;
            } else {
                str2 = str4;
                str3 = str2;
            }
        }
        if (str2 == null || str3 == null) {
            throw new IllegalArgumentException("No protocols enabled.");
        }
        NativeCrypto.SSL_set_protocol_versions(j, this, NativeCrypto.b(str2), NativeCrypto.b(str3));
        long j2 = this.d;
        String[] strArr2 = this.e.f;
        NativeCrypto.b(strArr2);
        ArrayList arrayList = new ArrayList();
        for (String str5 : strArr2) {
            if (!str5.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
                if (str5.equals("TLS_FALLBACK_SCSV")) {
                    NativeCrypto.SSL_set_mode(j2, this, 1024L);
                } else {
                    if ("SSL_RSA_WITH_3DES_EDE_CBC_SHA".equals(str5)) {
                        str5 = "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
                    }
                    arrayList.add(str5);
                }
            }
        }
        NativeCrypto.SSL_set_cipher_lists(j2, this, (String[]) arrayList.toArray(new String[arrayList.size()]));
        if (this.e.m.length > 0) {
            NativeCrypto.setApplicationProtocols(this.d, this, h(), this.e.m);
        }
        if (!h()) {
            HashSet hashSet = new HashSet();
            for (long j3 : NativeCrypto.SSL_get_ciphers(this.d, this)) {
                String a = anfg.a(j3);
                if (a != null) {
                    hashSet.add(a);
                }
            }
            X509KeyManager x509KeyManager = this.e.b;
            if (x509KeyManager != null) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    try {
                        b(this.f.a(x509KeyManager, (String) it.next()));
                    } catch (CertificateEncodingException e) {
                        throw new IOException(e);
                    }
                }
            }
            NativeCrypto.SSL_set_options(this.d, this, 4194304L);
        }
        NativeCrypto.SSL_set_options(this.d, this, NativeCrypto.SSL_get_options(this.d, this) | 16384);
        if (this.e.e() && andf.a(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.d, this, str);
        }
        NativeCrypto.SSL_set_mode(this.d, this, 256L);
        g();
    }

    public final long b() {
        return NativeCrypto.SSL_get_time(this.d, this);
    }

    public final void c() {
        NativeCrypto.SSL_interrupt(this.d, this);
    }

    public final void d() {
        this.c.writeLock().lock();
        try {
            if (!e()) {
                long j = this.d;
                this.d = 0L;
                NativeCrypto.SSL_free(j, this);
            }
        } finally {
            this.c.writeLock().unlock();
        }
    }

    public final boolean e() {
        return this.d == 0;
    }

    public final byte[] f() {
        return NativeCrypto.getApplicationProtocol(this.d, this);
    }

    protected final void finalize() {
        try {
            d();
        } finally {
            super.finalize();
        }
    }
}
