package org.conscrypt;

import com.google.android.exoplayer2.ext.mediasession.MediaSessionConnector;
import com.miui.miapm.block.core.MethodRecorder;
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.SocketException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import org.conscrypt.NativeCrypto;
import org.conscrypt.SSLParametersImpl;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes8.dex */
public final class NativeSsl {
    private final SSLParametersImpl.AliasChooser aliasChooser;
    private final NativeCrypto.SSLHandshakeCallbacks handshakeCallbacks;
    private X509Certificate[] localCertificates;
    private final ReadWriteLock lock;
    private final SSLParametersImpl parameters;
    private final SSLParametersImpl.PSKCallbacks pskCallbacks;
    private volatile long ssl;

    /* loaded from: classes8.dex */
    final class BioWrapper {
        private volatile long bio;

        private BioWrapper() throws SSLException {
            MethodRecorder.i(53349);
            this.bio = NativeCrypto.SSL_BIO_new(NativeSsl.this.ssl, NativeSsl.this);
            MethodRecorder.o(53349);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void close() {
            MethodRecorder.i(53354);
            long j = this.bio;
            this.bio = 0L;
            NativeCrypto.BIO_free_all(j);
            MethodRecorder.o(53354);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int getPendingWrittenBytes() {
            MethodRecorder.i(53351);
            if (this.bio == 0) {
                MethodRecorder.o(53351);
                return 0;
            }
            int SSL_pending_written_bytes_in_BIO = NativeCrypto.SSL_pending_written_bytes_in_BIO(this.bio);
            MethodRecorder.o(53351);
            return SSL_pending_written_bytes_in_BIO;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int readDirectByteBuffer(long j, int i) throws IOException {
            MethodRecorder.i(53353);
            int ENGINE_SSL_read_BIO_direct = NativeCrypto.ENGINE_SSL_read_BIO_direct(NativeSsl.this.ssl, NativeSsl.this, this.bio, j, i, NativeSsl.this.handshakeCallbacks);
            MethodRecorder.o(53353);
            return ENGINE_SSL_read_BIO_direct;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int writeDirectByteBuffer(long j, int i) throws IOException {
            MethodRecorder.i(53352);
            int ENGINE_SSL_write_BIO_direct = NativeCrypto.ENGINE_SSL_write_BIO_direct(NativeSsl.this.ssl, NativeSsl.this, this.bio, j, i, NativeSsl.this.handshakeCallbacks);
            MethodRecorder.o(53352);
            return ENGINE_SSL_write_BIO_direct;
        }
    }

    private NativeSsl(long j, SSLParametersImpl sSLParametersImpl, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, SSLParametersImpl.AliasChooser aliasChooser, SSLParametersImpl.PSKCallbacks pSKCallbacks) {
        MethodRecorder.i(53378);
        this.lock = new ReentrantReadWriteLock();
        this.ssl = j;
        this.parameters = sSLParametersImpl;
        this.handshakeCallbacks = sSLHandshakeCallbacks;
        this.aliasChooser = aliasChooser;
        this.pskCallbacks = pSKCallbacks;
        MethodRecorder.o(53378);
    }

    private void enablePSKKeyManagerIfRequested() throws SSLException {
        MethodRecorder.i(53428);
        PSKKeyManager pSKKeyManager = this.parameters.getPSKKeyManager();
        if (pSKKeyManager != null) {
            String[] strArr = this.parameters.enabledCipherSuites;
            int length = strArr.length;
            boolean z = false;
            int i = 0;
            while (true) {
                if (i < length) {
                    String str = strArr[i];
                    if (str != null && str.contains("PSK")) {
                        z = true;
                        break;
                    }
                    i++;
                } else {
                    break;
                }
            }
            if (z) {
                if (isClient()) {
                    NativeCrypto.set_SSL_psk_client_callback_enabled(this.ssl, this, true);
                } else {
                    NativeCrypto.set_SSL_psk_server_callback_enabled(this.ssl, this, true);
                    NativeCrypto.SSL_use_psk_identity_hint(this.ssl, this, this.pskCallbacks.chooseServerPSKIdentityHint(pSKKeyManager));
                }
            }
        }
        MethodRecorder.o(53428);
    }

    private boolean isClient() {
        MethodRecorder.i(53457);
        boolean useClientMode = this.parameters.getUseClientMode();
        MethodRecorder.o(53457);
        return useClientMode;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static NativeSsl newInstance(SSLParametersImpl sSLParametersImpl, NativeCrypto.SSLHandshakeCallbacks sSLHandshakeCallbacks, SSLParametersImpl.AliasChooser aliasChooser, SSLParametersImpl.PSKCallbacks pSKCallbacks) throws SSLException {
        MethodRecorder.i(53382);
        AbstractSessionContext sessionContext = sSLParametersImpl.getSessionContext();
        NativeSsl nativeSsl = new NativeSsl(NativeCrypto.SSL_new(sessionContext.sslCtxNativePointer, sessionContext), sSLParametersImpl, sSLHandshakeCallbacks, aliasChooser, pSKCallbacks);
        MethodRecorder.o(53382);
        return nativeSsl;
    }

    private void setCertificateValidation() throws SSLException {
        X509Certificate[] acceptedIssuers;
        MethodRecorder.i(53435);
        if (!isClient()) {
            boolean z = false;
            if (this.parameters.getNeedClientAuth()) {
                NativeCrypto.SSL_set_verify(this.ssl, this, 3);
            } else if (this.parameters.getWantClientAuth()) {
                NativeCrypto.SSL_set_verify(this.ssl, this, 1);
            } else {
                NativeCrypto.SSL_set_verify(this.ssl, this, 0);
                if (z && (acceptedIssuers = this.parameters.getX509TrustManager().getAcceptedIssuers()) != null && acceptedIssuers.length != 0) {
                    try {
                        NativeCrypto.SSL_set_client_CA_list(this.ssl, this, SSLUtils.encodeSubjectX509Principals(acceptedIssuers));
                    } catch (CertificateEncodingException e) {
                        SSLException sSLException = new SSLException("Problem encoding principals", e);
                        MethodRecorder.o(53435);
                        throw sSLException;
                    }
                }
            }
            z = true;
            if (z) {
                NativeCrypto.SSL_set_client_CA_list(this.ssl, this, SSLUtils.encodeSubjectX509Principals(acceptedIssuers));
            }
        }
        MethodRecorder.o(53435);
    }

    private void setTlsChannelId(OpenSSLKey openSSLKey) throws SSLException {
        MethodRecorder.i(53430);
        SSLParametersImpl sSLParametersImpl = this.parameters;
        if (!sSLParametersImpl.channelIdEnabled) {
            MethodRecorder.o(53430);
            return;
        }
        if (!sSLParametersImpl.getUseClientMode()) {
            NativeCrypto.SSL_enable_tls_channel_id(this.ssl, this);
        } else {
            if (openSSLKey == null) {
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("Invalid TLS channel ID key specified");
                MethodRecorder.o(53430);
                throw sSLHandshakeException;
            }
            NativeCrypto.SSL_set1_tls_channel_id(this.ssl, this, openSSLKey.getNativeRef());
        }
        MethodRecorder.o(53430);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void close() {
        MethodRecorder.i(53454);
        this.lock.writeLock().lock();
        try {
            if (!isClosed()) {
                long j = this.ssl;
                this.ssl = 0L;
                NativeCrypto.SSL_free(j, this);
            }
        } finally {
            this.lock.writeLock().unlock();
            MethodRecorder.o(53454);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int doHandshake() throws IOException {
        MethodRecorder.i(53424);
        this.lock.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_do_handshake(this.ssl, this, this.handshakeCallbacks);
        } finally {
            this.lock.readLock().unlock();
            MethodRecorder.o(53424);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void doHandshake(FileDescriptor fileDescriptor, int i) throws CertificateException, IOException {
        MethodRecorder.i(53421);
        this.lock.readLock().lock();
        try {
            if (!isClosed() && fileDescriptor != null && fileDescriptor.valid()) {
                NativeCrypto.SSL_do_handshake(this.ssl, this, fileDescriptor, this.handshakeCallbacks, i);
            } else {
                SocketException socketException = new SocketException("Socket is closed");
                MethodRecorder.o(53421);
                throw socketException;
            }
        } finally {
            this.lock.readLock().unlock();
            MethodRecorder.o(53421);
        }
    }

    protected final void finalize() throws Throwable {
        MethodRecorder.i(53458);
        try {
            close();
        } finally {
            super.finalize();
            MethodRecorder.o(53458);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void forceRead() throws IOException {
        MethodRecorder.i(53449);
        this.lock.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_force_read(this.ssl, this, this.handshakeCallbacks);
        } finally {
            this.lock.readLock().unlock();
            MethodRecorder.o(53449);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getApplicationProtocol() {
        MethodRecorder.i(53456);
        byte[] applicationProtocol = NativeCrypto.getApplicationProtocol(this.ssl, this);
        MethodRecorder.o(53456);
        return applicationProtocol;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getCipherSuite() {
        MethodRecorder.i(53392);
        String cipherSuiteToJava = NativeCrypto.cipherSuiteToJava(NativeCrypto.SSL_get_current_cipher(this.ssl, this));
        MethodRecorder.o(53392);
        return cipherSuiteToJava;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getError(int i) {
        MethodRecorder.i(53455);
        int SSL_get_error = NativeCrypto.SSL_get_error(this.ssl, this, i);
        MethodRecorder.o(53455);
        return SSL_get_error;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] getLocalCertificates() {
        return this.localCertificates;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getMaxSealOverhead() {
        MethodRecorder.i(53453);
        int SSL_max_seal_overhead = NativeCrypto.SSL_max_seal_overhead(this.ssl, this);
        MethodRecorder.o(53453);
        return SSL_max_seal_overhead;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getPeerCertificateOcspData() {
        MethodRecorder.i(53396);
        byte[] SSL_get_ocsp_response = NativeCrypto.SSL_get_ocsp_response(this.ssl, this);
        MethodRecorder.o(53396);
        return SSL_get_ocsp_response;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] getPeerCertificates() throws CertificateException {
        MethodRecorder.i(53394);
        byte[][] SSL_get0_peer_certificates = NativeCrypto.SSL_get0_peer_certificates(this.ssl, this);
        X509Certificate[] decodeX509CertificateChain = SSL_get0_peer_certificates == null ? null : SSLUtils.decodeX509CertificateChain(SSL_get0_peer_certificates);
        MethodRecorder.o(53394);
        return decodeX509CertificateChain;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getPeerTlsSctData() {
        MethodRecorder.i(53401);
        byte[] SSL_get_signed_cert_timestamp_list = NativeCrypto.SSL_get_signed_cert_timestamp_list(this.ssl, this);
        MethodRecorder.o(53401);
        return SSL_get_signed_cert_timestamp_list;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getPendingReadableBytes() {
        MethodRecorder.i(53451);
        this.lock.readLock().lock();
        try {
            if (isClosed()) {
                return 0;
            }
            return NativeCrypto.SSL_pending_readable_bytes(this.ssl, this);
        } finally {
            this.lock.readLock().unlock();
            MethodRecorder.o(53451);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRequestedServerName() {
        MethodRecorder.i(53410);
        String SSL_get_servername = NativeCrypto.SSL_get_servername(this.ssl, this);
        MethodRecorder.o(53410);
        return SSL_get_servername;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getSessionId() {
        MethodRecorder.i(53385);
        byte[] SSL_session_id = NativeCrypto.SSL_session_id(this.ssl, this);
        MethodRecorder.o(53385);
        return SSL_session_id;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long getTime() {
        MethodRecorder.i(53386);
        long SSL_get_time = NativeCrypto.SSL_get_time(this.ssl, this);
        MethodRecorder.o(53386);
        return SSL_get_time;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long getTimeout() {
        MethodRecorder.i(53388);
        long SSL_get_timeout = NativeCrypto.SSL_get_timeout(this.ssl, this);
        MethodRecorder.o(53388);
        return SSL_get_timeout;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getVersion() {
        MethodRecorder.i(53409);
        String SSL_get_version = NativeCrypto.SSL_get_version(this.ssl, this);
        MethodRecorder.o(53409);
        return SSL_get_version;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initialize(String str, OpenSSLKey openSSLKey) throws IOException {
        MethodRecorder.i(53413);
        if (!this.parameters.getEnableSessionCreation()) {
            NativeCrypto.SSL_set_session_creation_enabled(this.ssl, this, false);
        }
        NativeCrypto.SSL_accept_renegotiations(this.ssl, this);
        if (isClient()) {
            NativeCrypto.SSL_set_connect_state(this.ssl, this);
            NativeCrypto.SSL_enable_ocsp_stapling(this.ssl, this);
            if (this.parameters.isCTVerificationEnabled(str)) {
                NativeCrypto.SSL_enable_signed_cert_timestamps(this.ssl, this);
            }
        } else {
            NativeCrypto.SSL_set_accept_state(this.ssl, this);
            if (this.parameters.getOCSPResponse() != null) {
                NativeCrypto.SSL_enable_ocsp_stapling(this.ssl, this);
            }
        }
        if (this.parameters.getEnabledProtocols().length == 0 && this.parameters.isEnabledProtocolsFiltered) {
            SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("No enabled protocols; SSLv3 is no longer supported and was filtered from the list");
            MethodRecorder.o(53413);
            throw sSLHandshakeException;
        }
        NativeCrypto.setEnabledProtocols(this.ssl, this, this.parameters.enabledProtocols);
        long j = this.ssl;
        SSLParametersImpl sSLParametersImpl = this.parameters;
        NativeCrypto.setEnabledCipherSuites(j, this, sSLParametersImpl.enabledCipherSuites, sSLParametersImpl.enabledProtocols);
        if (this.parameters.applicationProtocols.length > 0) {
            NativeCrypto.setApplicationProtocols(this.ssl, this, isClient(), this.parameters.applicationProtocols);
        }
        if (!isClient() && this.parameters.applicationProtocolSelector != null) {
            NativeCrypto.setHasApplicationProtocolSelector(this.ssl, this, true);
        }
        if (!isClient()) {
            NativeCrypto.SSL_set_options(this.ssl, this, MediaSessionConnector.ACTION_SET_PLAYBACK_SPEED);
            if (this.parameters.sctExtension != null) {
                NativeCrypto.SSL_set_signed_cert_timestamp_list(this.ssl, this, this.parameters.sctExtension);
            }
            if (this.parameters.ocspResponse != null) {
                NativeCrypto.SSL_set_ocsp_response(this.ssl, this, this.parameters.ocspResponse);
            }
        }
        enablePSKKeyManagerIfRequested();
        if (this.parameters.useSessionTickets) {
            NativeCrypto.SSL_clear_options(this.ssl, this, 16384L);
        } else {
            NativeCrypto.SSL_set_options(this.ssl, this, NativeCrypto.SSL_get_options(this.ssl, this) | 16384);
        }
        if (this.parameters.getUseSni() && AddressUtils.isValidSniHostname(str)) {
            NativeCrypto.SSL_set_tlsext_host_name(this.ssl, this, str);
        }
        NativeCrypto.SSL_set_mode(this.ssl, this, 256L);
        setCertificateValidation();
        setTlsChannelId(openSSLKey);
        MethodRecorder.o(53413);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void interrupt() {
        MethodRecorder.i(53436);
        NativeCrypto.SSL_interrupt(this.ssl, this);
        MethodRecorder.o(53436);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isClosed() {
        return this.ssl == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BioWrapper newBio() {
        MethodRecorder.i(53383);
        try {
            BioWrapper bioWrapper = new BioWrapper();
            MethodRecorder.o(53383);
            return bioWrapper;
        } catch (SSLException e) {
            RuntimeException runtimeException = new RuntimeException(e);
            MethodRecorder.o(53383);
            throw runtimeException;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void offerToResumeSession(long j) throws SSLException {
        MethodRecorder.i(53384);
        NativeCrypto.SSL_set_session(this.ssl, this, j);
        MethodRecorder.o(53384);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int read(FileDescriptor fileDescriptor, byte[] bArr, int i, int i2, int i3) throws IOException {
        MethodRecorder.i(53425);
        this.lock.readLock().lock();
        try {
            if (!isClosed() && fileDescriptor != null && fileDescriptor.valid()) {
                return NativeCrypto.SSL_read(this.ssl, this, fileDescriptor, this.handshakeCallbacks, bArr, i, i2, i3);
            }
            SocketException socketException = new SocketException("Socket is closed");
            MethodRecorder.o(53425);
            throw socketException;
        } finally {
            this.lock.readLock().unlock();
            MethodRecorder.o(53425);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int readDirectByteBuffer(long j, int i) throws IOException, CertificateException {
        MethodRecorder.i(53446);
        this.lock.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_read_direct(this.ssl, this, j, i, this.handshakeCallbacks);
        } finally {
            this.lock.readLock().unlock();
            MethodRecorder.o(53446);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setTimeout(long j) {
        MethodRecorder.i(53390);
        NativeCrypto.SSL_set_timeout(this.ssl, this, j);
        MethodRecorder.o(53390);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void shutdown() throws IOException {
        MethodRecorder.i(53441);
        this.lock.readLock().lock();
        try {
            NativeCrypto.ENGINE_SSL_shutdown(this.ssl, this, this.handshakeCallbacks);
        } finally {
            this.lock.readLock().unlock();
            MethodRecorder.o(53441);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void shutdown(FileDescriptor fileDescriptor) throws IOException {
        MethodRecorder.i(53437);
        NativeCrypto.SSL_shutdown(this.ssl, this, fileDescriptor, this.handshakeCallbacks);
        MethodRecorder.o(53437);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean wasShutdownReceived() {
        MethodRecorder.i(53442);
        this.lock.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.ssl, this) & 2) != 0;
        } finally {
            this.lock.readLock().unlock();
            MethodRecorder.o(53442);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean wasShutdownSent() {
        MethodRecorder.i(53444);
        this.lock.readLock().lock();
        try {
            return (NativeCrypto.SSL_get_shutdown(this.ssl, this) & 1) != 0;
        } finally {
            this.lock.readLock().unlock();
            MethodRecorder.o(53444);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void write(FileDescriptor fileDescriptor, byte[] bArr, int i, int i2, int i3) throws IOException {
        MethodRecorder.i(53426);
        this.lock.readLock().lock();
        try {
            if (!isClosed() && fileDescriptor != null && fileDescriptor.valid()) {
                NativeCrypto.SSL_write(this.ssl, this, fileDescriptor, this.handshakeCallbacks, bArr, i, i2, i3);
            } else {
                SocketException socketException = new SocketException("Socket is closed");
                MethodRecorder.o(53426);
                throw socketException;
            }
        } finally {
            this.lock.readLock().unlock();
            MethodRecorder.o(53426);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int writeDirectByteBuffer(long j, int i) throws IOException {
        MethodRecorder.i(53447);
        this.lock.readLock().lock();
        try {
            return NativeCrypto.ENGINE_SSL_write_direct(this.ssl, this, j, i, this.handshakeCallbacks);
        } finally {
            this.lock.readLock().unlock();
            MethodRecorder.o(53447);
        }
    }
}
