package org.conscrypt;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ReadOnlyBufferException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.conscrypt.NativeCrypto;
import org.conscrypt.SSLParametersImpl;

/* loaded from: input_file:org/conscrypt/OpenSSLEngineImpl.class */
public final class OpenSSLEngineImpl extends SSLEngine implements NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.AliasChooser, SSLParametersImpl.PSKCallbacks {
    private static final SSLEngineResult NEED_UNWRAP_OK = new SSLEngineResult(SSLEngineResult.Status.OK, SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
    private static final SSLEngineResult NEED_UNWRAP_CLOSED = new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
    private static final SSLEngineResult NEED_WRAP_OK = new SSLEngineResult(SSLEngineResult.Status.OK, SSLEngineResult.HandshakeStatus.NEED_WRAP, 0, 0);
    private static final SSLEngineResult NEED_WRAP_CLOSED = new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NEED_WRAP, 0, 0);
    private static final SSLEngineResult CLOSED_NOT_HANDSHAKING = new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, 0, 0);
    private static final ByteBuffer EMPTY = ByteBuffer.allocateDirect(0);
    private static final long EMPTY_ADDR = NativeCrypto.getDirectBufferAddress(EMPTY);
    private final SSLParametersImpl sslParameters;
    private final Object stateLock;
    private EngineState engineState;
    private boolean handshakeFinished;
    private long sslNativePointer;
    private long networkBio;
    private AbstractOpenSSLSession sslSession;
    private AbstractOpenSSLSession handshakeSession;
    OpenSSLKey channelIdPrivateKey;
    private final ByteBuffer[] singleSrcBuffer;
    private final ByteBuffer[] singleDstBuffer;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/conscrypt/OpenSSLEngineImpl$EngineState.class */
    public enum EngineState {
        NEW,
        MODE_SET,
        HANDSHAKE_STARTED,
        HANDSHAKE_COMPLETED,
        READY_HANDSHAKE_CUT_THROUGH,
        READY,
        CLOSED_INBOUND,
        CLOSED_OUTBOUND,
        CLOSED
    }

    public OpenSSLEngineImpl(SSLParametersImpl sSLParametersImpl) {
        this.stateLock = new Object();
        this.engineState = EngineState.NEW;
        this.singleSrcBuffer = new ByteBuffer[1];
        this.singleDstBuffer = new ByteBuffer[1];
        this.sslParameters = sSLParametersImpl;
    }

    public OpenSSLEngineImpl(String str, int i, SSLParametersImpl sSLParametersImpl) {
        super(str, i);
        this.stateLock = new Object();
        this.engineState = EngineState.NEW;
        this.singleSrcBuffer = new ByteBuffer[1];
        this.singleDstBuffer = new ByteBuffer[1];
        this.sslParameters = sSLParametersImpl;
    }

    @Override // javax.net.ssl.SSLEngine
    public void beginHandshake() throws SSLException {
        synchronized (this.stateLock) {
            beginHandshakeInternal();
        }
    }

    private void beginHandshakeInternal() throws SSLException {
        switch (this.engineState) {
            case MODE_SET:
                this.engineState = EngineState.HANDSHAKE_STARTED;
                boolean z = true;
                try {
                    try {
                        long j = this.sslParameters.getSessionContext().sslCtxNativePointer;
                        this.sslParameters.setSSLCtxParameters(j);
                        this.sslNativePointer = NativeCrypto.SSL_new(j);
                        this.networkBio = NativeCrypto.SSL_BIO_new(this.sslNativePointer);
                        this.sslSession = this.sslParameters.getSessionToReuse(this.sslNativePointer, getPeerHost(), getPeerPort());
                        this.sslParameters.setSSLParameters(this.sslNativePointer, this, this, getPeerHost());
                        this.sslParameters.setCertificateValidation(this.sslNativePointer);
                        this.sslParameters.setTlsChannelId(this.sslNativePointer, this.channelIdPrivateKey);
                        if (getUseClientMode()) {
                            NativeCrypto.SSL_set_connect_state(this.sslNativePointer);
                        } else {
                            NativeCrypto.SSL_set_accept_state(this.sslNativePointer);
                        }
                        handshake();
                        z = false;
                        if (0 != 0) {
                            this.engineState = EngineState.CLOSED;
                            shutdownAndFreeSslNative();
                            return;
                        }
                        return;
                    } catch (IOException e) {
                        if (e.getMessage().contains("unexpected CCS")) {
                            Platform.logEvent(String.format("ssl_unexpected_ccs: host=%s", getPeerHost()));
                        }
                        throw new SSLException(e);
                    }
                } catch (Throwable th) {
                    if (z) {
                        this.engineState = EngineState.CLOSED;
                        shutdownAndFreeSslNative();
                    }
                    throw th;
                }
            case HANDSHAKE_STARTED:
                throw new IllegalStateException("Handshake has already been started");
            case CLOSED_INBOUND:
            case CLOSED_OUTBOUND:
            case CLOSED:
                throw new IllegalStateException("Engine has already been closed");
            default:
                throw new IllegalStateException("Client/server mode must be set before handshake");
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void closeInbound() throws SSLException {
        synchronized (this.stateLock) {
            if (this.engineState == EngineState.CLOSED) {
                return;
            }
            if (this.engineState == EngineState.CLOSED_OUTBOUND) {
                this.engineState = EngineState.CLOSED;
            } else {
                this.engineState = EngineState.CLOSED_INBOUND;
            }
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void closeOutbound() {
        synchronized (this.stateLock) {
            if (this.engineState == EngineState.CLOSED || this.engineState == EngineState.CLOSED_OUTBOUND) {
                return;
            }
            if (this.engineState != EngineState.MODE_SET && this.engineState != EngineState.NEW) {
                shutdownAndFreeSslNative();
            }
            if (this.engineState == EngineState.CLOSED_INBOUND) {
                this.engineState = EngineState.CLOSED;
            } else {
                this.engineState = EngineState.CLOSED_OUTBOUND;
            }
            shutdown();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public Runnable getDelegatedTask() {
        return null;
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledCipherSuites() {
        return this.sslParameters.getEnabledCipherSuites();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledProtocols() {
        return this.sslParameters.getEnabledProtocols();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getEnableSessionCreation() {
        return this.sslParameters.getEnableSessionCreation();
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        SSLEngineResult.HandshakeStatus handshakeStatusInternal;
        synchronized (this.stateLock) {
            handshakeStatusInternal = getHandshakeStatusInternal();
        }
        return handshakeStatusInternal;
    }

    private SSLEngineResult.HandshakeStatus getHandshakeStatusInternal() {
        if (this.handshakeFinished) {
            return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        }
        switch (this.engineState) {
            case MODE_SET:
            case CLOSED_INBOUND:
            case CLOSED_OUTBOUND:
            case CLOSED:
            case NEW:
            case READY:
            case READY_HANDSHAKE_CUT_THROUGH:
                return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
            case HANDSHAKE_STARTED:
                return pendingStatus(pendingOutboundEncryptedBytes());
            case HANDSHAKE_COMPLETED:
                return SSLEngineResult.HandshakeStatus.NEED_WRAP;
            default:
                throw new IllegalStateException("Unexpected engine state: " + this.engineState);
        }
    }

    private int pendingOutboundEncryptedBytes() {
        return NativeCrypto.SSL_pending_written_bytes_in_BIO(this.networkBio);
    }

    private int pendingInboundCleartextBytes() {
        return NativeCrypto.SSL_pending_readable_bytes(this.sslNativePointer);
    }

    private int pendingInboundCleartextBytes(SSLEngineResult.HandshakeStatus handshakeStatus) {
        if (handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
            return pendingInboundCleartextBytes();
        }
        return 0;
    }

    private static SSLEngineResult.HandshakeStatus pendingStatus(int i) {
        return i > 0 ? SSLEngineResult.HandshakeStatus.NEED_WRAP : SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getNeedClientAuth() {
        return this.sslParameters.getNeedClientAuth();
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getSession() {
        return this.sslSession == null ? this.handshakeSession != null ? this.handshakeSession : SSLNullSession.getNullSession() : this.sslSession;
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedCipherSuites() {
        return NativeCrypto.getSupportedCipherSuites();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedProtocols() {
        return NativeCrypto.getSupportedProtocols();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getUseClientMode() {
        return this.sslParameters.getUseClientMode();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getWantClientAuth() {
        return this.sslParameters.getWantClientAuth();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean isInboundDone() {
        boolean z;
        if (this.sslNativePointer != 0) {
            return (NativeCrypto.SSL_get_shutdown(this.sslNativePointer) & 2) != 0;
        }
        synchronized (this.stateLock) {
            z = this.engineState == EngineState.CLOSED || this.engineState == EngineState.CLOSED_INBOUND;
        }
        return z;
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean isOutboundDone() {
        boolean z;
        if (this.sslNativePointer != 0) {
            return (NativeCrypto.SSL_get_shutdown(this.sslNativePointer) & 1) != 0;
        }
        synchronized (this.stateLock) {
            z = this.engineState == EngineState.CLOSED || this.engineState == EngineState.CLOSED_OUTBOUND;
        }
        return z;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledCipherSuites(String[] strArr) {
        this.sslParameters.setEnabledCipherSuites(strArr);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledProtocols(String[] strArr) {
        this.sslParameters.setEnabledProtocols(strArr);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnableSessionCreation(boolean z) {
        this.sslParameters.setEnableSessionCreation(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setNeedClientAuth(boolean z) {
        this.sslParameters.setNeedClientAuth(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setUseClientMode(boolean z) {
        synchronized (this.stateLock) {
            if (this.engineState != EngineState.MODE_SET && this.engineState != EngineState.NEW) {
                throw new IllegalArgumentException("Can not change mode after handshake: engineState == " + this.engineState);
            }
            this.engineState = EngineState.MODE_SET;
        }
        this.sslParameters.setUseClientMode(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setWantClientAuth(boolean z) {
        this.sslParameters.setWantClientAuth(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
        SSLEngineResult unwrap;
        synchronized (this.stateLock) {
            try {
                unwrap = unwrap(singleSrcBuffer(byteBuffer), singleDstBuffer(byteBuffer2));
                resetSingleSrcBuffer();
                resetSingleDstBuffer();
            } catch (Throwable th) {
                resetSingleSrcBuffer();
                resetSingleDstBuffer();
                throw th;
            }
        }
        return unwrap;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr) throws SSLException {
        SSLEngineResult unwrap;
        synchronized (this.stateLock) {
            try {
                unwrap = unwrap(singleSrcBuffer(byteBuffer), byteBufferArr);
                resetSingleSrcBuffer();
            } catch (Throwable th) {
                resetSingleSrcBuffer();
                throw th;
            }
        }
        return unwrap;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws SSLException {
        SSLEngineResult unwrap;
        synchronized (this.stateLock) {
            try {
                unwrap = unwrap(singleSrcBuffer(byteBuffer), 0, 1, byteBufferArr, i, i2);
                resetSingleSrcBuffer();
            } catch (Throwable th) {
                resetSingleSrcBuffer();
                throw th;
            }
        }
        return unwrap;
    }

    public SSLEngineResult unwrap(ByteBuffer[] byteBufferArr, ByteBuffer[] byteBufferArr2) throws SSLException {
        checkNotNull(byteBufferArr, "srcs", new Object[0]);
        checkNotNull(byteBufferArr2, "dsts", new Object[0]);
        return unwrap(byteBufferArr, 0, byteBufferArr.length, byteBufferArr2, 0, byteBufferArr2.length);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:34:0x00e7. Please report as an issue. */
    public SSLEngineResult unwrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer[] byteBufferArr2, int i3, int i4) throws SSLException {
        int SSL_get_last_error_number;
        checkNotNull(byteBufferArr, "srcs", new Object[0]);
        checkNotNull(byteBufferArr2, "dsts", new Object[0]);
        checkIndex(byteBufferArr.length, i, i2, "srcs");
        checkIndex(byteBufferArr2.length, i3, i4, "dsts");
        int i5 = 0;
        int i6 = i3 + i4;
        for (int i7 = 0; i7 < byteBufferArr2.length; i7++) {
            ByteBuffer byteBuffer = byteBufferArr2[i7];
            checkNotNull(byteBuffer, "one of the dst", new Object[0]);
            if (byteBuffer.isReadOnly()) {
                throw new ReadOnlyBufferException();
            }
            if (i7 >= i3 && i7 < i3 + i4) {
                i5 += byteBuffer.remaining();
            }
        }
        int i8 = i + i2;
        long j = 0;
        for (int i9 = i; i9 < i8; i9++) {
            if (byteBufferArr[i9] == null) {
                throw new IllegalArgumentException("srcs[" + i9 + "] is null");
            }
            j += r0.remaining();
        }
        synchronized (this.stateLock) {
            switch (this.engineState) {
                case MODE_SET:
                    beginHandshakeInternal();
                case HANDSHAKE_STARTED:
                case CLOSED_OUTBOUND:
                case HANDSHAKE_COMPLETED:
                default:
                    SSLEngineResult.HandshakeStatus handshakeStatus = SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
                    if (!this.handshakeFinished) {
                        handshakeStatus = handshake();
                        if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                            return NEED_WRAP_OK;
                        }
                        if (this.engineState == EngineState.CLOSED) {
                            return NEED_WRAP_CLOSED;
                        }
                    }
                    if (j < 5) {
                        return new SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, getHandshakeStatus(), 0, 0);
                    }
                    int encryptedPacketLength = SSLUtils.getEncryptedPacketLength(byteBufferArr, i);
                    if (encryptedPacketLength < 0) {
                        throw new SSLException("Unable to parse TLS packet header");
                    }
                    if (j < encryptedPacketLength) {
                        return new SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, getHandshakeStatus(), 0, 0);
                    }
                    int i10 = 0;
                    if (i < i8) {
                        int i11 = encryptedPacketLength;
                        while (true) {
                            ByteBuffer byteBuffer2 = byteBufferArr[i];
                            int remaining = byteBuffer2.remaining();
                            if (remaining == 0) {
                                i++;
                            } else {
                                int writeEncryptedData = writeEncryptedData(byteBuffer2, Math.min(i11, remaining));
                                if (writeEncryptedData > 0) {
                                    i11 -= writeEncryptedData;
                                    if (i11 != 0 && writeEncryptedData == remaining) {
                                        i++;
                                    }
                                } else {
                                    NativeCrypto.SSL_clear_error();
                                }
                            }
                            if (i >= i8) {
                            }
                        }
                        i10 = encryptedPacketLength - i11;
                    }
                    int i12 = 0;
                    if (i5 > 0) {
                        for (int i13 = i3; i13 < i6; i13++) {
                            ByteBuffer byteBuffer3 = byteBufferArr2[i13];
                            if (byteBuffer3.hasRemaining()) {
                                int readPlaintextData = readPlaintextData(byteBuffer3);
                                if (readPlaintextData <= 0) {
                                    switch (NativeCrypto.SSL_get_error(this.sslNativePointer, readPlaintextData)) {
                                        case 2:
                                        case 3:
                                            return newResult(i10, i12, handshakeStatus);
                                        case 4:
                                        case 5:
                                        default:
                                            return sslReadErrorResult(NativeCrypto.SSL_get_last_error_number(), i10, i12);
                                        case 6:
                                            closeAll();
                                            return newResult(i10, i12, handshakeStatus);
                                    }
                                }
                                i12 += readPlaintextData;
                                if (byteBuffer3.hasRemaining()) {
                                    return newResult(i10, i12, handshakeStatus);
                                }
                            }
                        }
                    } else {
                        try {
                            if (NativeCrypto.ENGINE_SSL_read_direct(this.sslNativePointer, EMPTY_ADDR, 0, this) <= 0 && (SSL_get_last_error_number = NativeCrypto.SSL_get_last_error_number()) != 0) {
                                return sslReadErrorResult(SSL_get_last_error_number, i10, 0);
                            }
                        } catch (IOException e) {
                            throw new SSLException(e);
                        }
                    }
                    if (pendingInboundCleartextBytes(handshakeStatus) > 0) {
                        return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, mayFinishHandshake(handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED ? handshakeStatus : getHandshakeStatusInternal()), i10, i12);
                    }
                    return newResult(i10, i12, handshakeStatus);
                case CLOSED_INBOUND:
                case CLOSED:
                    return new SSLEngineResult(SSLEngineResult.Status.CLOSED, getHandshakeStatusInternal(), 0, 0);
                case NEW:
                    throw new IllegalStateException("Client/server mode must be set before calling unwrap");
            }
        }
    }

    private SSLEngineResult.HandshakeStatus handshake() throws SSLException {
        try {
            try {
                int ENGINE_SSL_do_handshake = NativeCrypto.ENGINE_SSL_do_handshake(this.sslNativePointer, this);
                if (ENGINE_SSL_do_handshake <= 0) {
                    switch (NativeCrypto.SSL_get_error(this.sslNativePointer, ENGINE_SSL_do_handshake)) {
                        case 2:
                        case 3:
                            SSLEngineResult.HandshakeStatus pendingStatus = pendingStatus(pendingOutboundEncryptedBytes());
                            if (this.sslSession == null && 0 != 0) {
                                NativeCrypto.SSL_SESSION_free(0L);
                            }
                            return pendingStatus;
                        default:
                            throw shutdownWithError("SSL_do_handshake");
                    }
                }
                long SSL_get1_session = NativeCrypto.SSL_get1_session(this.sslNativePointer);
                if (SSL_get1_session == 0) {
                    throw shutdownWithError("Failed to obtain session after handshake completed");
                }
                this.sslSession = this.sslParameters.setupSession(SSL_get1_session, this.sslNativePointer, this.sslSession, getPeerHost(), getPeerPort(), true);
                if (this.sslSession == null || this.engineState != EngineState.HANDSHAKE_STARTED) {
                    this.engineState = EngineState.READY;
                } else {
                    this.engineState = EngineState.READY_HANDSHAKE_CUT_THROUGH;
                }
                this.handshakeFinished = true;
                SSLEngineResult.HandshakeStatus handshakeStatus = SSLEngineResult.HandshakeStatus.FINISHED;
                if (this.sslSession == null && SSL_get1_session != 0) {
                    NativeCrypto.SSL_SESSION_free(SSL_get1_session);
                }
                return handshakeStatus;
            } catch (Exception e) {
                throw ((SSLHandshakeException) new SSLHandshakeException("Handshake failed").initCause(e));
            }
        } catch (Throwable th) {
            if (this.sslSession == null && 0 != 0) {
                NativeCrypto.SSL_SESSION_free(0L);
            }
            throw th;
        }
    }

    private int writePlaintextData(ByteBuffer byteBuffer, int i) throws SSLException {
        int ENGINE_SSL_write_heap;
        try {
            int position = byteBuffer.position();
            if (byteBuffer.isDirect()) {
                ENGINE_SSL_write_heap = NativeCrypto.ENGINE_SSL_write_direct(this.sslNativePointer, NativeCrypto.getDirectBufferAddress(byteBuffer) + position, i, this);
            } else {
                ByteBuffer heapBuffer = toHeapBuffer(byteBuffer, i);
                ENGINE_SSL_write_heap = NativeCrypto.ENGINE_SSL_write_heap(this.sslNativePointer, heapBuffer.array(), heapBuffer.arrayOffset() + heapBuffer.position(), i, this);
            }
            if (ENGINE_SSL_write_heap > 0) {
                byteBuffer.position(position + ENGINE_SSL_write_heap);
            }
            return ENGINE_SSL_write_heap;
        } catch (IOException e) {
            throw new SSLException(e);
        }
    }

    private int readPlaintextData(ByteBuffer byteBuffer) throws SSLException {
        int ENGINE_SSL_read_heap;
        try {
            int position = byteBuffer.position();
            int min = Math.min(16709, byteBuffer.limit() - position);
            if (byteBuffer.isDirect()) {
                ENGINE_SSL_read_heap = NativeCrypto.ENGINE_SSL_read_direct(this.sslNativePointer, NativeCrypto.getDirectBufferAddress(byteBuffer) + position, min, this);
                if (ENGINE_SSL_read_heap > 0) {
                    byteBuffer.position(position + ENGINE_SSL_read_heap);
                }
            } else if (byteBuffer.hasArray()) {
                ENGINE_SSL_read_heap = NativeCrypto.ENGINE_SSL_read_heap(this.sslNativePointer, byteBuffer.array(), byteBuffer.arrayOffset() + position, min, this);
                if (ENGINE_SSL_read_heap > 0) {
                    byteBuffer.position(position + ENGINE_SSL_read_heap);
                }
            } else {
                byte[] bArr = new byte[min];
                ENGINE_SSL_read_heap = NativeCrypto.ENGINE_SSL_read_heap(this.sslNativePointer, bArr, 0, min, this);
                if (ENGINE_SSL_read_heap > 0) {
                    byteBuffer.put(bArr, 0, ENGINE_SSL_read_heap);
                }
            }
            return ENGINE_SSL_read_heap;
        } catch (IOException e) {
            throw new SSLException(e);
        }
    }

    private int writeEncryptedData(ByteBuffer byteBuffer, int i) throws SSLException {
        int ENGINE_SSL_write_BIO_heap;
        try {
            int position = byteBuffer.position();
            if (byteBuffer.isDirect()) {
                ENGINE_SSL_write_BIO_heap = NativeCrypto.ENGINE_SSL_write_BIO_direct(this.sslNativePointer, this.networkBio, NativeCrypto.getDirectBufferAddress(byteBuffer) + position, i, this);
            } else {
                ByteBuffer heapBuffer = toHeapBuffer(byteBuffer, i);
                ENGINE_SSL_write_BIO_heap = NativeCrypto.ENGINE_SSL_write_BIO_heap(this.sslNativePointer, this.networkBio, heapBuffer.array(), heapBuffer.arrayOffset() + heapBuffer.position(), i, this);
            }
            if (ENGINE_SSL_write_BIO_heap >= 0) {
                byteBuffer.position(position + ENGINE_SSL_write_BIO_heap);
            }
            return ENGINE_SSL_write_BIO_heap;
        } catch (IOException e) {
            throw new SSLException(e);
        }
    }

    private SSLEngineResult readPendingBytesFromBIO(ByteBuffer byteBuffer, int i, int i2, SSLEngineResult.HandshakeStatus handshakeStatus) throws SSLException {
        int pendingOutboundEncryptedBytes = pendingOutboundEncryptedBytes();
        if (pendingOutboundEncryptedBytes <= 0) {
            return null;
        }
        if (byteBuffer.remaining() < pendingOutboundEncryptedBytes) {
            return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, mayFinishHandshake(handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED ? handshakeStatus : getHandshakeStatus(pendingOutboundEncryptedBytes)), i, i2);
        }
        int readEncryptedData = readEncryptedData(byteBuffer, pendingOutboundEncryptedBytes);
        if (readEncryptedData <= 0) {
            NativeCrypto.SSL_clear_error();
        } else {
            i2 += readEncryptedData;
            pendingOutboundEncryptedBytes -= readEncryptedData;
        }
        return new SSLEngineResult(getEngineStatus(), mayFinishHandshake(handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED ? handshakeStatus : getHandshakeStatus(pendingOutboundEncryptedBytes)), i, i2);
    }

    private int readEncryptedData(ByteBuffer byteBuffer, int i) throws SSLException {
        try {
            int i2 = 0;
            if (byteBuffer.remaining() >= i) {
                int position = byteBuffer.position();
                int min = Math.min(i, byteBuffer.limit() - position);
                if (byteBuffer.isDirect()) {
                    i2 = NativeCrypto.ENGINE_SSL_read_BIO_direct(this.sslNativePointer, this.networkBio, NativeCrypto.getDirectBufferAddress(byteBuffer) + position, min, this);
                    if (i2 > 0) {
                        byteBuffer.position(position + i2);
                        return i2;
                    }
                } else if (byteBuffer.hasArray()) {
                    i2 = NativeCrypto.ENGINE_SSL_read_BIO_heap(this.sslNativePointer, this.networkBio, byteBuffer.array(), byteBuffer.arrayOffset() + position, i, this);
                    if (i2 > 0) {
                        byteBuffer.position(position + i2);
                        return i2;
                    }
                } else {
                    byte[] bArr = new byte[min];
                    i2 = NativeCrypto.ENGINE_SSL_read_BIO_heap(this.sslNativePointer, this.networkBio, bArr, 0, i, this);
                    if (i2 > 0) {
                        byteBuffer.put(bArr, 0, i2);
                        return i2;
                    }
                }
            }
            return i2;
        } catch (IOException e) {
            throw new SSLException(e);
        }
    }

    private SSLEngineResult.HandshakeStatus mayFinishHandshake(SSLEngineResult.HandshakeStatus handshakeStatus) throws SSLException {
        return (this.handshakeFinished || handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) ? handshakeStatus : handshake();
    }

    private SSLEngineResult.HandshakeStatus getHandshakeStatus(int i) {
        return !this.handshakeFinished ? pendingStatus(i) : SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
    }

    private SSLEngineResult.Status getEngineStatus() {
        switch (this.engineState) {
            case CLOSED_INBOUND:
            case CLOSED_OUTBOUND:
            case CLOSED:
                return SSLEngineResult.Status.CLOSED;
            default:
                return SSLEngineResult.Status.OK;
        }
    }

    private void closeAll() throws SSLException {
        closeOutbound();
        closeInbound();
    }

    private SSLEngineResult sslReadErrorResult(int i, int i2, int i3) throws SSLException {
        if (this.handshakeFinished || pendingOutboundEncryptedBytes() <= 0) {
            throw shutdownWithError(NativeCrypto.SSL_get_error_string(i));
        }
        return new SSLEngineResult(SSLEngineResult.Status.OK, SSLEngineResult.HandshakeStatus.NEED_WRAP, i2, i3);
    }

    private SSLException shutdownWithError(String str) {
        shutdown();
        return getHandshakeStatusInternal() == SSLEngineResult.HandshakeStatus.FINISHED ? new SSLException(str) : new SSLHandshakeException(str);
    }

    private SSLEngineResult newResult(int i, int i2, SSLEngineResult.HandshakeStatus handshakeStatus) throws SSLException {
        return new SSLEngineResult(getEngineStatus(), mayFinishHandshake(handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED ? handshakeStatus : getHandshakeStatusInternal()), i, i2);
    }

    @Override // javax.net.ssl.SSLEngine
    public final SSLEngineResult wrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
        SSLEngineResult wrap;
        synchronized (this.stateLock) {
            try {
                wrap = wrap(singleSrcBuffer(byteBuffer), byteBuffer2);
                resetSingleSrcBuffer();
            } catch (Throwable th) {
                resetSingleSrcBuffer();
                throw th;
            }
        }
        return wrap;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) throws SSLException {
        SSLEngineResult readPendingBytesFromBIO;
        checkNotNull(byteBufferArr, "srcs", new Object[0]);
        checkNotNull(byteBuffer, "dst", new Object[0]);
        if (byteBuffer.isReadOnly()) {
            throw new ReadOnlyBufferException();
        }
        int i3 = i + i2;
        for (int i4 = i; i4 < i3; i4++) {
            checkNotNull(byteBufferArr[i4], "one of the src", new Object[0]);
        }
        checkIndex(byteBufferArr.length, i, i2, "srcs");
        synchronized (this.stateLock) {
            switch (this.engineState) {
                case MODE_SET:
                    beginHandshakeInternal();
                    break;
                case CLOSED_OUTBOUND:
                case CLOSED:
                    return new SSLEngineResult(SSLEngineResult.Status.CLOSED, getHandshakeStatusInternal(), 0, 0);
                case NEW:
                    throw new IllegalStateException("Client/server mode must be set before calling wrap");
            }
            SSLEngineResult.HandshakeStatus handshakeStatus = SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
            if (!this.handshakeFinished) {
                handshakeStatus = handshake();
                if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                    return NEED_UNWRAP_OK;
                }
                if (this.engineState == EngineState.CLOSED) {
                    return NEED_UNWRAP_CLOSED;
                }
            }
            if (byteBuffer.remaining() < 16709) {
                return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, getHandshakeStatusInternal(), 0, 0);
            }
            int i5 = 0;
            int i6 = 0;
            for (int i7 = i; i7 < i3; i7++) {
                ByteBuffer byteBuffer2 = byteBufferArr[i7];
                checkNotNull(byteBuffer2, "srcs[%d] is null", Integer.valueOf(i7));
                while (byteBuffer2.hasRemaining()) {
                    int writePlaintextData = writePlaintextData(byteBuffer2, Math.min(byteBuffer2.remaining(), 16384 - i6));
                    if (writePlaintextData <= 0) {
                        switch (NativeCrypto.SSL_get_error(this.sslNativePointer, writePlaintextData)) {
                            case 2:
                                SSLEngineResult readPendingBytesFromBIO2 = readPendingBytesFromBIO(byteBuffer, i6, i5, handshakeStatus);
                                return readPendingBytesFromBIO2 != null ? readPendingBytesFromBIO2 : new SSLEngineResult(getEngineStatus(), SSLEngineResult.HandshakeStatus.NEED_UNWRAP, i6, i5);
                            case 3:
                                SSLEngineResult readPendingBytesFromBIO3 = readPendingBytesFromBIO(byteBuffer, i6, i5, handshakeStatus);
                                return readPendingBytesFromBIO3 != null ? readPendingBytesFromBIO3 : NEED_WRAP_CLOSED;
                            case 4:
                            case 5:
                            default:
                                throw shutdownWithError("SSL_write");
                            case 6:
                                closeAll();
                                SSLEngineResult readPendingBytesFromBIO4 = readPendingBytesFromBIO(byteBuffer, i6, i5, handshakeStatus);
                                return readPendingBytesFromBIO4 != null ? readPendingBytesFromBIO4 : CLOSED_NOT_HANDSHAKING;
                        }
                    }
                    i6 += writePlaintextData;
                    SSLEngineResult readPendingBytesFromBIO5 = readPendingBytesFromBIO(byteBuffer, i6, i5, handshakeStatus);
                    if (readPendingBytesFromBIO5 != null) {
                        if (readPendingBytesFromBIO5.getStatus() != SSLEngineResult.Status.OK) {
                            return readPendingBytesFromBIO5;
                        }
                        i5 = readPendingBytesFromBIO5.bytesProduced();
                    }
                    if (i6 == 16384) {
                        return (i6 == 0 || (readPendingBytesFromBIO = readPendingBytesFromBIO(byteBuffer, 0, i5, handshakeStatus)) == null) ? newResult(i6, i5, handshakeStatus) : readPendingBytesFromBIO;
                    }
                }
            }
            if (i6 == 0) {
            }
        }
    }

    @Override // org.conscrypt.NativeCrypto.SSLHandshakeCallbacks
    public int clientPSKKeyRequested(String str, byte[] bArr, byte[] bArr2) {
        return this.sslParameters.clientPSKKeyRequested(str, bArr, bArr2, this);
    }

    @Override // org.conscrypt.NativeCrypto.SSLHandshakeCallbacks
    public int serverPSKKeyRequested(String str, String str2, byte[] bArr) {
        return this.sslParameters.serverPSKKeyRequested(str, str2, bArr, this);
    }

    @Override // org.conscrypt.NativeCrypto.SSLHandshakeCallbacks
    public void onSSLStateChange(int i, int i2) {
        synchronized (this.stateLock) {
            switch (i) {
                case 16:
                    this.engineState = EngineState.HANDSHAKE_STARTED;
                    break;
                case 32:
                    if (this.engineState != EngineState.HANDSHAKE_STARTED && this.engineState != EngineState.READY_HANDSHAKE_CUT_THROUGH) {
                        throw new IllegalStateException("Completed handshake while in mode " + this.engineState);
                    }
                    this.engineState = EngineState.HANDSHAKE_COMPLETED;
                    break;
            }
        }
    }

    @Override // org.conscrypt.NativeCrypto.SSLHandshakeCallbacks
    public void verifyCertificateChain(long[] jArr, String str) throws CertificateException {
        try {
            try {
                X509TrustManager x509TrustManager = this.sslParameters.getX509TrustManager();
                if (x509TrustManager == null) {
                    throw new CertificateException("No X.509 TrustManager");
                }
                if (jArr == null || jArr.length == 0) {
                    throw new SSLException("Peer sent no certificate");
                }
                OpenSSLX509Certificate[] createCertChain = OpenSSLX509Certificate.createCertChain(jArr);
                this.handshakeSession = new OpenSSLSessionImpl(NativeCrypto.SSL_get1_session(this.sslNativePointer), null, createCertChain, NativeCrypto.SSL_get_ocsp_response(this.sslNativePointer), NativeCrypto.SSL_get_signed_cert_timestamp_list(this.sslNativePointer), getPeerHost(), getPeerPort(), null);
                if (this.sslParameters.getUseClientMode()) {
                    Platform.checkServerTrusted(x509TrustManager, createCertChain, str, this);
                } else {
                    Platform.checkClientTrusted(x509TrustManager, createCertChain, createCertChain[0].getPublicKey().getAlgorithm(), this);
                }
            } catch (CertificateException e) {
                throw e;
            } catch (Exception e2) {
                throw new CertificateException(e2);
            }
        } finally {
            this.handshakeSession = null;
        }
    }

    @Override // org.conscrypt.NativeCrypto.SSLHandshakeCallbacks
    public void clientCertificateRequested(byte[] bArr, byte[][] bArr2) throws CertificateEncodingException, SSLException {
        this.sslParameters.chooseClientCertificate(bArr, bArr2, this.sslNativePointer, this);
    }

    private void shutdown() {
        try {
            NativeCrypto.ENGINE_SSL_shutdown(this.sslNativePointer, this);
        } catch (IOException e) {
        }
    }

    private void shutdownAndFreeSslNative() {
        try {
            shutdown();
        } finally {
            free();
        }
    }

    private void free() {
        if (this.sslNativePointer == 0) {
            return;
        }
        NativeCrypto.SSL_free(this.sslNativePointer);
        NativeCrypto.BIO_free_all(this.networkBio);
        this.sslNativePointer = 0L;
        this.networkBio = 0L;
    }

    protected void finalize() throws Throwable {
        try {
            free();
        } finally {
            super.finalize();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getHandshakeSession() {
        return this.handshakeSession;
    }

    @Override // org.conscrypt.SSLParametersImpl.AliasChooser
    public String chooseServerAlias(X509KeyManager x509KeyManager, String str) {
        return x509KeyManager instanceof X509ExtendedKeyManager ? ((X509ExtendedKeyManager) x509KeyManager).chooseEngineServerAlias(str, null, this) : x509KeyManager.chooseServerAlias(str, null, null);
    }

    @Override // org.conscrypt.SSLParametersImpl.AliasChooser
    public String chooseClientAlias(X509KeyManager x509KeyManager, X500Principal[] x500PrincipalArr, String[] strArr) {
        return x509KeyManager instanceof X509ExtendedKeyManager ? ((X509ExtendedKeyManager) x509KeyManager).chooseEngineClientAlias(strArr, x500PrincipalArr, this) : x509KeyManager.chooseClientAlias(strArr, x500PrincipalArr, null);
    }

    @Override // org.conscrypt.SSLParametersImpl.PSKCallbacks
    public String chooseServerPSKIdentityHint(PSKKeyManager pSKKeyManager) {
        return pSKKeyManager.chooseServerKeyIdentityHint(this);
    }

    @Override // org.conscrypt.SSLParametersImpl.PSKCallbacks
    public String chooseClientPSKIdentity(PSKKeyManager pSKKeyManager, String str) {
        return pSKKeyManager.chooseClientKeyIdentity(str, this);
    }

    @Override // org.conscrypt.SSLParametersImpl.PSKCallbacks
    public SecretKey getPSKKey(PSKKeyManager pSKKeyManager, String str, String str2) {
        return pSKKeyManager.getKey(str, str2, this);
    }

    public void setUseSessionTickets(boolean z) {
        this.sslParameters.useSessionTickets = z;
    }

    public void setNpnProtocols(byte[] bArr) {
    }

    public void setAlpnProtocols(byte[] bArr) {
        if (bArr != null && bArr.length == 0) {
            throw new IllegalArgumentException("alpnProtocols.length == 0");
        }
        this.sslParameters.alpnProtocols = bArr;
    }

    public byte[] getNpnSelectedProtocol() {
        return null;
    }

    public byte[] getAlpnSelectedProtocol() {
        return NativeCrypto.SSL_get0_alpn_selected(this.sslNativePointer);
    }

    private ByteBuffer toHeapBuffer(ByteBuffer byteBuffer, int i) {
        if (byteBuffer.hasArray()) {
            return byteBuffer;
        }
        ByteBuffer allocate = ByteBuffer.allocate(i);
        int position = byteBuffer.position();
        int limit = byteBuffer.limit();
        byteBuffer.limit(position + i);
        try {
            allocate.put(byteBuffer);
            allocate.flip();
            byteBuffer.limit(limit);
            byteBuffer.position(position);
            return allocate;
        } catch (Throwable th) {
            byteBuffer.limit(limit);
            byteBuffer.position(position);
            throw th;
        }
    }

    private ByteBuffer[] singleSrcBuffer(ByteBuffer byteBuffer) {
        this.singleSrcBuffer[0] = byteBuffer;
        return this.singleSrcBuffer;
    }

    private void resetSingleSrcBuffer() {
        this.singleSrcBuffer[0] = null;
    }

    private ByteBuffer[] singleDstBuffer(ByteBuffer byteBuffer) {
        this.singleDstBuffer[0] = byteBuffer;
        return this.singleDstBuffer;
    }

    private void resetSingleDstBuffer() {
        this.singleDstBuffer[0] = null;
    }

    private static void checkIndex(int i, int i2, int i3, String str) {
        if ((i2 | i3) < 0 || i2 + i3 > i) {
            throw new IndexOutOfBoundsException("offset: " + i2 + ", length: " + i3 + " (expected: offset <= offset + length <= " + str + ".length (" + i + "))");
        }
    }

    private static <T> T checkNotNull(T t, String str, Object... objArr) {
        if (t == null) {
            throw new IllegalArgumentException(String.format(str, objArr));
        }
        return t;
    }
}
