package com.wolfssl.provider.jsse;

import ch.qos.logback.classic.net.SyslogAppender;
import ch.qos.logback.core.FileAppender;
import com.microsoft.authenticator.core.transport.NetworkUtils;
import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLException;
import com.wolfssl.WolfSSLSession;
import java.net.SocketTimeoutException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;

/* loaded from: classes6.dex */
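/**
 * Helper shared by the JSSE socket/engine front ends: it holds the per-connection
 * {@link WolfSSLSession}, applies the locally configured {@link WolfSSLParameters}
 * (ciphers, protocols, peer verification, SNI, session tickets, ALPN, secure
 * renegotiation) to it, and drives the native handshake.
 *
 * <p>This listing is decompiler output. The numeric constants below are the literal
 * values found in the decompiled code; their names are the reviewer's reading of the
 * matching native wolfSSL constants and should be confirmed against
 * {@code com.wolfssl.WolfSSL}. Members that the decompiler marked
 * "Access modifiers changed from: protected" are kept {@code public} as shown.
 */
public class WolfSSLEngineHelper {
    /* Return/err codes (presumably WolfSSL.SSL_SUCCESS, NOT_COMPILED_IN,
     * SSL_HANDSHAKE_FAILURE, SSL_ERROR_WANT_READ/WRITE -- confirm). */
    private static final int RET_SUCCESS = 1;
    private static final int RET_NOT_COMPILED_IN = -174;
    private static final int RET_HANDSHAKE_FAILURE = 101;
    private static final int ERR_WANT_READ = 2;
    private static final int ERR_WANT_WRITE = 3;

    /* Peer verification mode bits (presumably WolfSSL.SSL_VERIFY_* -- confirm). */
    private static final int VERIFY_NONE = 0;
    private static final int VERIFY_PEER = 1;
    private static final int VERIFY_FAIL_IF_NO_PEER_CERT = 2;

    /* Protocol-disable option bits (presumably WolfSSL.SSL_OP_NO_* -- confirm). */
    private static final long OP_NO_TLSV1_3 = 0x20000000L;
    private static final long OP_NO_TLSV1_2 = 0x08000000L;
    private static final long OP_NO_TLSV1_1 = 0x04000000L;
    private static final long OP_NO_TLSV1 = 0x00002000L;
    private static final long OP_NO_SSLV3 = 0x00001000L;

    /* Option passed with String[] ALPN lists (presumably
     * WolfSSL.WOLFSSL_ALPN_CONTINUE_ON_MISMATCH -- confirm). */
    private static final int ALPN_OPTION = 2;

    /* Session side markers (presumably WOLFSSL_SERVER_END / WOLFSSL_CLIENT_END). */
    private static final int SIDE_SERVER = 0;
    private static final int SIDE_CLIENT = 1;

    /* SNI name type used for the default host_name entry. */
    private static final byte SNI_TYPE_HOST_NAME = 0;

    private WolfSSLAuthStore authStore;
    private boolean clientMode;
    // Never read or written in the visible code; kept so the field layout is unchanged.
    private WolfSSLDebug debug;
    private String hostname;
    private boolean modeSet;
    private WolfSSLParameters params;
    private int port;
    private WolfSSLImplementSSLSession session;
    private boolean sessionCreation = true;
    private final WolfSSLSession ssl;
    private WolfSSLInternalVerifyCb wicb;

    /**
     * Creates a helper with no peer host/port information.
     *
     * @param wolfSSLSession    native session wrapper to configure and drive
     * @param wolfSSLAuthStore  source of trust manager, session cache and contexts
     * @param wolfSSLParameters locally configured connection parameters
     * @throws WolfSSLException if any argument is {@code null}
     */
    public WolfSSLEngineHelper(WolfSSLSession wolfSSLSession, WolfSSLAuthStore wolfSSLAuthStore, WolfSSLParameters wolfSSLParameters) throws WolfSSLException {
        if (wolfSSLParameters == null || wolfSSLSession == null || wolfSSLAuthStore == null) {
            throw new WolfSSLException("Bad argument");
        }
        this.ssl = wolfSSLSession;
        this.params = wolfSSLParameters;
        this.authStore = wolfSSLAuthStore;
        this.session = new WolfSSLImplementSSLSession(wolfSSLAuthStore);
        info("created new WolfSSLEngineHelper()");
    }

    /**
     * Creates a helper that also records the peer port and hostname; the hostname is
     * later used for the session lookup and as the default SNI value.
     *
     * @param wolfSSLSession    native session wrapper to configure and drive
     * @param wolfSSLAuthStore  source of trust manager, session cache and contexts
     * @param wolfSSLParameters locally configured connection parameters
     * @param i                 peer port
     * @param str               peer hostname, may be {@code null}
     * @throws WolfSSLException if the session, auth store or parameters are {@code null}
     */
    public WolfSSLEngineHelper(WolfSSLSession wolfSSLSession, WolfSSLAuthStore wolfSSLAuthStore, WolfSSLParameters wolfSSLParameters, int i, String str) throws WolfSSLException {
        if (wolfSSLParameters == null || wolfSSLSession == null || wolfSSLAuthStore == null) {
            throw new WolfSSLException("Bad argument");
        }
        this.ssl = wolfSSLSession;
        this.params = wolfSSLParameters;
        this.port = i;
        this.hostname = str;
        this.authStore = wolfSSLAuthStore;
        this.session = new WolfSSLImplementSSLSession(wolfSSLAuthStore);
        info("created new WolfSSLEngineHelper(port: " + i + ", hostname: " + str + ")");
    }

    /** Writes one INFO-level line through the provider's debug logger. */
    private void info(String message) {
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, message);
    }

    /**
     * Pushes the configured ALPN protocol list(s) to the native session.
     *
     * <p>Both the byte[] and the String[] form are applied when both are present.
     * NOTE(review): the String[] form is registered with option value 2, which looks
     * like "continue on mismatch"; if so, a handshake with no protocol overlap still
     * succeeds and callers must check the negotiated protocol themselves -- confirm.
     */
    private void setLocalAlpnProtocols() {
        byte[] alpnProtos = this.params.getAlpnProtos();
        String[] applicationProtocols = this.params.getApplicationProtocols();
        boolean haveBytes = alpnProtos != null && alpnProtos.length > 0;
        boolean haveStrings = applicationProtocols != null && applicationProtocols.length > 0;

        if (haveBytes && haveStrings) {
            info("ALPN protocols found in both params.getAlpnProtos() and params.getApplicationProtocols()");
        }
        if (haveBytes) {
            info("Setting ALPN protocols for WOLFSSL session from byte[" + alpnProtos.length + "]");
            this.ssl.useALPN(alpnProtos);
        }
        if (haveStrings) {
            info("Setting Application Protocols for WOLFSSL session from String[]:");
            for (int i = 0; i < applicationProtocols.length; i++) {
                // The decompiler had substituted an unrelated logback constant for this tab.
                info("\t" + i + ": " + applicationProtocols[i]);
            }
            this.ssl.useALPN(applicationProtocols, ALPN_OPTION);
        }
        if (alpnProtos == null && applicationProtocols == null) {
            info("No ALPN protocols set, not setting for this WOLFSSL session");
        }
    }

    /**
     * Configures peer certificate verification on the native session.
     *
     * <p>A client always verifies the server. A server verifies the client only when
     * client authentication is wanted or needed; "needed" additionally sets the
     * fail-if-no-peer-cert bit. When the trust manager is not the provider's own
     * {@link WolfSSLTrustX509}, verification is delegated to a callback wrapping the
     * application's trust manager.
     */
    private void setLocalAuth() {
        int verifyMode = this.clientMode ? VERIFY_PEER : VERIFY_NONE;
        if (this.params.getWantClientAuth()) {
            verifyMode |= VERIFY_PEER;
        }
        if (this.params.getNeedClientAuth()) {
            verifyMode |= VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT;
        }

        if (this.authStore.getX509TrustManager() instanceof WolfSSLTrustX509) {
            info("X509TrustManager is of type WolfSSLTrustX509");
            info("Using native internal peer verification logic");
            this.ssl.setVerify(verifyMode, null);
        } else {
            info("X509TrustManager is not of type WolfSSLTrustX509");
            info("Using checkClientTrusted/ServerTrusted() for verification");
            this.wicb = new WolfSSLInternalVerifyCb(this.authStore.getX509TrustManager(), this.clientMode);
            // The listing passed a bare VERIFY_PEER here, which dropped the
            // fail-if-no-peer-cert bit: with a custom TrustManager, needClientAuth was
            // not enforced when the client sent no certificate. VERIFY_PEER is still
            // always set so the callback keeps being registered as before.
            this.ssl.setVerify(verifyMode | VERIFY_PEER, this.wicb);
        }
    }

    /**
     * Applies the configured cipher suites to the native session as a
     * colon-separated list. A {@code null} or empty array leaves the native
     * defaults untouched.
     *
     * @param strArr cipher suite names, may be {@code null}
     * @throws IllegalArgumentException if the native call reports an illegal state
     */
    private void setLocalCiphers(String[] strArr) throws IllegalArgumentException {
        if (strArr == null || strArr.length == 0) {
            return;
        }
        String cipherList = String.join(":", strArr);
        try {
            if (this.ssl.setCipherList(cipherList) != RET_SUCCESS) {
                // NOTE(review): a rejected list is only logged, so the session keeps
                // whatever cipher list it had before. Callers that restrict suites for
                // policy reasons may want this to fail the setup instead.
                info("error setting cipher list " + cipherList);
            }
        } catch (IllegalStateException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /** Applies every locally configured parameter to the native session, in a fixed order. */
    private void setLocalParams() {
        setLocalCiphers(this.params.getCipherSuites());
        setLocalProtocol(this.params.getProtocols());
        setLocalAuth();
        setLocalServerNames();
        setLocalSessionTicket();
        setLocalAlpnProtocols();
        setLocalSecureRenegotiation();
    }

    /**
     * Disables, on the native session, every protocol version that is not named in
     * {@code strArr}. A {@code null} array leaves the native options untouched.
     *
     * <p>SSLv3, TLSv1 and TLSv1.1 stay enabled if the caller lists them; restricting
     * the list to current versions is the caller's responsibility.
     *
     * @param strArr enabled protocol names, may be {@code null}
     */
    private void setLocalProtocol(String[] strArr) {
        if (strArr == null) {
            return;
        }
        long disableMask = OP_NO_TLSV1_3 | OP_NO_TLSV1_2 | OP_NO_TLSV1_1 | OP_NO_TLSV1 | OP_NO_SSLV3;
        for (String protocol : strArr) {
            if (protocol == null) {
                // Unknown/null entries enable nothing (the listing would have thrown an NPE).
                continue;
            }
            switch (protocol) {
                case "TLSv1.3":
                    disableMask &= ~OP_NO_TLSV1_3;
                    break;
                // The decompiler had substituted an unrelated app constant
                // (NetworkUtils.TLS_V1_2) here; presumably the same "TLSv1.2" literal.
                case "TLSv1.2":
                    disableMask &= ~OP_NO_TLSV1_2;
                    break;
                case "TLSv1.1":
                    disableMask &= ~OP_NO_TLSV1_1;
                    break;
                case "TLSv1":
                    disableMask &= ~OP_NO_TLSV1;
                    break;
                case "SSLv3":
                    disableMask &= ~OP_NO_SSLV3;
                    break;
                default:
                    break;
            }
        }
        this.ssl.setOptions(disableMask);
    }

    /**
     * Requests secure renegotiation support on the native session. A "not compiled
     * in" result is tolerated silently; any other failure is logged.
     */
    private void setLocalSecureRenegotiation() {
        int ret = this.ssl.useSecureRenegotiation();
        if (ret == RET_SUCCESS) {
            // The listing tested ret == 0 inside a branch where ret was 1 or -174, so
            // this success message could never be emitted.
            info("enabled secure renegotiation support for session");
        } else if (ret != RET_NOT_COMPILED_IN) {
            info("error enabling secure renegotiation, ret = " + ret);
        }
    }

    /**
     * Client side only: sets the SNI extension. An explicitly configured server name
     * list wins (only its first entry is used); otherwise the stored hostname is sent
     * unless the {@code jsse.enableSNIExtension} system property disables it.
     */
    private void setLocalServerNames() {
        if (!this.clientMode) {
            return;
        }
        List<WolfSSLSNIServerName> serverNames = this.params.getServerNames();
        if (serverNames != null && serverNames.size() > 0) {
            WolfSSLSNIServerName first = serverNames.get(0);
            if (first != null) {
                this.ssl.useSNI((byte) first.getType(), first.getEncoded());
            }
            return;
        }
        if (!System.getProperty("jsse.enableSNIExtension", "true").equalsIgnoreCase("true")) {
            return;
        }
        info("jsse.enableSNIExtension property set to true, enabling SNI by default");
        if (this.hostname == null) {
            info("hostname is null, not setting SNI");
            return;
        }
        info("setting SNI extension with hostname: " + this.hostname);
        // Explicit charset: the bytes placed on the wire must not depend on the
        // platform default encoding.
        this.ssl.useSNI(SNI_TYPE_HOST_NAME, this.hostname.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Client side only: enables session tickets when either the parameters request
     * them or the {@code jdk.tls.client.enableSessionTicketExtension} system property
     * is "true".
     */
    private void setLocalSessionTicket() {
        if (!this.clientMode) {
            return;
        }
        boolean useSessionTickets = this.params.getUseSessionTickets();
        String property = System.getProperty("jdk.tls.client.enableSessionTicketExtension");
        info("SSLSocket.setUseSessionTickets() set to: " + String.valueOf(useSessionTickets));
        info("jdk.tls.client.enableSessionTicketExtension property: " + property);
        if (useSessionTickets || "true".equalsIgnoreCase(property)) {
            this.ssl.useSessionTicket();
            info("session tickets enabled for this session");
        } else {
            info("session tickets not enabled on this session");
        }
    }

    /**
     * Runs the native handshake (connect for clients, accept for servers).
     *
     * <p>When {@code i} is zero the call is retried for as long as the native layer
     * reports want-read/want-write; note that the retry loop has no delay. When
     * {@code i} is non-zero a single attempt is made and its result returned.
     *
     * @param i  non-zero to make a single attempt (presumably "called from an
     *           SSLEngine" -- confirm against callers)
     * @param i2 value handed to the native connect call (presumably a timeout)
     * @return the native connect/accept result, or 101 when a new session would be
     *         required but session creation is disabled
     * @throws SSLException           if the client/server mode has not been set
     * @throws SocketTimeoutException declared for the native connect call
     */
    public int doHandshake(int i, int i2) throws SSLException, SocketTimeoutException {
        if (!this.modeSet) {
            throw new SSLException("setUseClientMode has not been called");
        }
        // initHandshake() may have stored a null session; treat that like a session
        // that did not come from the cache instead of dereferencing it.
        if (!this.sessionCreation && (this.session == null || !this.session.fromTable)) {
            info("session creation not allowed");
            this.ssl.shutdownSSL();
            return RET_HANDSHAKE_FAILURE;
        }
        if (this.session == null || !this.session.isValid()) {
            info("session is marked as invalid, try creating a new seesion");
            if (!this.sessionCreation) {
                info("session creation not allowed");
                return RET_HANDSHAKE_FAILURE;
            }
            this.session = this.authStore.getSession(this.ssl);
        }

        final boolean retryWhileWanting = (i == 0);
        int ret;
        int err;
        do {
            if (this.clientMode) {
                info("calling native wolfSSL_connect()");
                ret = this.ssl.connect(i2);
            } else {
                info("calling native wolfSSL_accept()");
                ret = this.ssl.accept();
            }
            err = this.ssl.getError(ret);
        } while (ret != RET_SUCCESS && retryWhileWanting
                && (err == ERR_WANT_READ || err == ERR_WANT_WRITE));
        return ret;
    }

    /** @return every cipher suite name reported by {@code WolfSSL.getCiphersIana()} */
    public String[] getAllCiphers() {
        return WolfSSL.getCiphersIana();
    }

    /** @return every protocol name reported by {@code WolfSSL.getProtocols()} */
    public String[] getAllProtocols() {
        return WolfSSL.getProtocols();
    }

    /** @return the negotiated ALPN protocol bytes, or {@code null} before the handshake is done */
    public byte[] getAlpnSelectedProtocol() {
        return this.ssl.handshakeDone() ? this.ssl.getAlpnSelected() : null;
    }

    /** @return the negotiated ALPN protocol name, or {@code null} before the handshake is done */
    public String getAlpnSelectedProtocolString() {
        if (!this.ssl.handshakeDone()) {
            return null;
        }
        String selected = this.ssl.getAlpnSelectedString();
        info("selected ALPN protocol = " + selected);
        return selected;
    }

    /** @return the cipher suites currently stored in the parameters */
    public String[] getCiphers() {
        return this.params.getCipherSuites();
    }

    /** @return whether new sessions may be created */
    public boolean getEnableSessionCreation() {
        return this.sessionCreation;
    }

    /** @return whether client authentication is required */
    public boolean getNeedClientAuth() {
        return this.params.getNeedClientAuth();
    }

    /** @return the protocols currently stored in the parameters */
    public String[] getProtocols() {
        return this.params.getProtocols();
    }

    /** @return the session object currently associated with this helper, possibly {@code null} */
    public WolfSSLImplementSSLSession getSession() {
        return this.session;
    }

    /** @return {@code true} if the helper was last put in client mode */
    public boolean getUseClientMode() {
        return this.clientMode;
    }

    /** @return whether client authentication is requested but optional */
    public boolean getWantClientAuth() {
        return this.params.getWantClientAuth();
    }

    /** @return the underlying native session wrapper */
    protected WolfSSLSession getWolfSSLSession() {
        return this.ssl;
    }

    /**
     * Looks up (or creates) the session for this connection, binds it to the client
     * or server context, enforces the "session creation" switch, and applies all
     * local parameters to the native session.
     *
     * @throws SSLException          if the client/server mode has not been set
     * @throws SSLHandshakeException if a new session would be needed but session
     *                               creation is disabled
     */
    public void initHandshake() throws SSLException {
        if (!this.modeSet) {
            throw new SSLException("setUseClientMode has not been called");
        }
        this.session = this.authStore.getSession(this.ssl, this.port, this.hostname, this.clientMode);

        // The listing dereferenced the lookup result inside a branch that was taken
        // precisely when it was null; all session handling is now behind one null check.
        if (this.session != null) {
            if (this.clientMode) {
                this.session.setSessionContext(this.authStore.getClientContext());
                this.session.setSide(SIDE_CLIENT);
            } else {
                this.session.setSessionContext(this.authStore.getServerContext());
                this.session.setSide(SIDE_SERVER);
            }
            if (!this.sessionCreation && !this.session.fromTable) {
                info("session creation not allowed");
                this.ssl.shutdownSSL();
                throw new SSLHandshakeException("Session creation not allowed");
            }
            if (this.sessionCreation) {
                this.authStore.addSession(this.session);
            }
        }
        setLocalParams();
    }

    /** Marks the current session as resumable, if there is one and it is still valid. */
    public void saveSession() {
        WolfSSLImplementSSLSession current = this.session;
        if (current != null && current.isValid()) {
            current.setResume();
        }
    }

    /** @param bArr ALPN protocol list in its encoded byte form, stored in the parameters */
    public void setAlpnProtocols(byte[] bArr) {
        this.params.setAlpnProtocols(bArr);
    }

    /**
     * Validates and stores the enabled cipher suites.
     *
     * @param strArr cipher suite names; every entry must be in {@link #getAllCiphers()}
     * @throws IllegalArgumentException if the array is {@code null}, empty, or names
     *                                  an unsupported suite
     */
    public void setCiphers(String[] strArr) throws IllegalArgumentException {
        if (strArr == null) {
            throw new IllegalArgumentException("input array is null");
        }
        if (strArr.length == 0) {
            throw new IllegalArgumentException("input array has length zero");
        }
        // Validate and store a private copy so the caller cannot swap entries in
        // after the check has passed.
        String[] requested = strArr.clone();
        List<String> supported = Arrays.asList(getAllCiphers());
        for (String suite : requested) {
            if (!supported.contains(suite)) {
                throw new IllegalArgumentException("Unsupported CipherSuite: " + suite);
            }
        }
        this.params.setCipherSuites(requested);
    }

    /** @param z whether new sessions may be created during the handshake */
    public void setEnableSessionCreation(boolean z) {
        this.sessionCreation = z;
    }

    /**
     * @param str peer hostname, used for session lookup and default SNI
     * @param i   peer port
     */
    public void setHostAndPort(String str, int i) {
        this.hostname = str;
        this.port = i;
    }

    /** @param z whether client authentication is required */
    public void setNeedClientAuth(boolean z) {
        this.params.setNeedClientAuth(z);
    }

    /**
     * Validates and stores the enabled protocol versions.
     *
     * @param strArr protocol names; every entry must be in {@link #getAllProtocols()}
     * @throws IllegalArgumentException if the array is {@code null}, empty, or names
     *                                  an unsupported protocol
     */
    public void setProtocols(String[] strArr) throws IllegalArgumentException {
        if (strArr == null) {
            throw new IllegalArgumentException("input array is null");
        }
        if (strArr.length == 0) {
            throw new IllegalArgumentException("input array has length zero");
        }
        // Same copy-then-validate pattern as setCiphers().
        String[] requested = strArr.clone();
        List<String> supported = Arrays.asList(getAllProtocols());
        for (String protocol : requested) {
            if (!supported.contains(protocol)) {
                throw new IllegalArgumentException("Unsupported protocol: " + protocol);
            }
        }
        this.params.setProtocols(requested);
    }

    /**
     * Selects client or server mode and puts the native session in the matching
     * connect/accept state. Must be called before any handshake method.
     *
     * @param z {@code true} for client mode, {@code false} for server mode
     * @throws IllegalArgumentException if the handshake has already completed
     */
    public void setUseClientMode(boolean z) throws IllegalArgumentException {
        if (this.ssl.handshakeDone()) {
            throw new IllegalArgumentException("setUseClientMode() not allowed after handshake is completed");
        }
        this.clientMode = z;
        if (z) {
            this.ssl.setConnectState();
        } else {
            this.ssl.setAcceptState();
        }
        this.modeSet = true;
    }

    /** @param z whether the client should offer session tickets */
    public void setUseSessionTickets(boolean z) {
        this.params.setUseSessionTickets(z);
    }

    /** @param z whether client authentication is requested but optional */
    public void setWantClientAuth(boolean z) {
        this.params.setWantClientAuth(z);
    }
}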
