package com.wolfssl.provider.jsse;

import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLException;
import com.wolfssl.WolfSSLJNIException;
import java.io.ByteArrayOutputStream;
import java.security.KeyManagementException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
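/**
 * wolfSSL-backed implementation of {@link SSLContextSpi}.
 *
 * <p>This listing is decompiler output (JADX), so some names and the
 * {@link AnonymousClass1} switch map are compiler artifacts rather than
 * hand-written code.
 *
 * <p>An instance is bound to one protocol selection at construction time.
 * {@code engineInit()} builds the auth store, default parameters and native
 * context; until it succeeds, the factory and engine getters throw
 * {@link IllegalStateException}.
 */
public class WolfSSLContext extends SSLContextSpi {
    /** Message thrown whenever the context is used before a successful init. */
    private static final String NOT_INITIALIZED_MSG = "SSLContext must be initialized before use, please call init()";

    /** Return value the native load calls use for success. */
    private static final int NATIVE_SUCCESS = 1;

    /*
     * Format selector passed with every key/cert buffer. All buffers handed over here come
     * from getEncoded(), i.e. DER; presumably this is WolfSSL.SSL_FILETYPE_ASN1 - confirm.
     */
    private static final int BUFFER_FORMAT = 2;

    /*
     * Value returned by the WolfSSL.*_Method() calls when the protocol is missing from the
     * native build (see the error message in createCtx()).
     */
    private static final long METHOD_NOT_COMPILED_IN = -174;

    private WolfSSLAuthStore authStore;
    private com.wolfssl.WolfSSLContext ctx;
    private WolfSSL.TLS_VERSION currentVersion;
    private WolfSSLParameters params;

    /**
     * Compiler-generated switch map recovered by the decompiler. It maps each
     * {@code WolfSSL.TLS_VERSION} ordinal to the case index used in {@code createCtx()}.
     * The decompiler widened its access from package-private.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$wolfssl$WolfSSL$TLS_VERSION;

        static {
            int[] iArr = new int[WolfSSL.TLS_VERSION.values().length];
            $SwitchMap$com$wolfssl$WolfSSL$TLS_VERSION = iArr;
            // Each NoSuchFieldError is ignored on purpose: a constant missing at runtime keeps
            // slot value 0, which createCtx() rejects as an invalid protocol version.
            try {
                iArr[WolfSSL.TLS_VERSION.TLSv1.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                $SwitchMap$com$wolfssl$WolfSSL$TLS_VERSION[WolfSSL.TLS_VERSION.TLSv1_1.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                $SwitchMap$com$wolfssl$WolfSSL$TLS_VERSION[WolfSSL.TLS_VERSION.TLSv1_2.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                $SwitchMap$com$wolfssl$WolfSSL$TLS_VERSION[WolfSSL.TLS_VERSION.TLSv1_3.ordinal()] = 4;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                $SwitchMap$com$wolfssl$WolfSSL$TLS_VERSION[WolfSSL.TLS_VERSION.SSLv23.ordinal()] = 5;
            } catch (NoSuchFieldError ignored) {
            }
        }
    }

    /**
     * Default context: requests the SSLv23 method and initializes itself with null key
     * managers, trust managers and random source.
     */
    public static final class DEFAULT_Context extends WolfSSLContext {
        /**
         * @throws IllegalStateException if the self-initialization fails
         */
        public DEFAULT_Context() {
            super(WolfSSL.TLS_VERSION.SSLv23, null);
            WolfSSLDebug.log(DEFAULT_Context.class, WolfSSLDebug.INFO, "creating new WolfSSLContext using DEFAULT_Context");
            try {
                engineInit(null, null, null);
            } catch (Exception e) {
                // Keep the cause: it says whether key, trust or protocol setup failed.
                throw new IllegalStateException("wolfSSL engine init failed", e);
            }
        }
    }

    /**
     * Context pinned to TLS 1.1. TLS 1.1 is deprecated by RFC 8996; prefer
     * {@link TLSV12_Context} or {@link TLSV13_Context} unless a legacy peer requires it.
     */
    public static final class TLSV11_Context extends WolfSSLContext {
        public TLSV11_Context() {
            super(WolfSSL.TLS_VERSION.TLSv1_1, null);
            WolfSSLDebug.log(TLSV11_Context.class, WolfSSLDebug.INFO, "creating new WolfSSLContext using TLSV11_Context");
        }
    }

    /** Context pinned to TLS 1.2. */
    public static final class TLSV12_Context extends WolfSSLContext {
        public TLSV12_Context() {
            super(WolfSSL.TLS_VERSION.TLSv1_2, null);
            WolfSSLDebug.log(TLSV12_Context.class, WolfSSLDebug.INFO, "creating new WolfSSLContext using TLSV12_Context");
        }
    }

    /** Context pinned to TLS 1.3. */
    public static final class TLSV13_Context extends WolfSSLContext {
        public TLSV13_Context() {
            super(WolfSSL.TLS_VERSION.TLSv1_3, null);
            WolfSSLDebug.log(TLSV13_Context.class, WolfSSLDebug.INFO, "creating new WolfSSLContext using TLSV13_Context");
        }
    }

    /**
     * Context pinned to TLS 1.0. TLS 1.0 is deprecated by RFC 8996; prefer
     * {@link TLSV12_Context} or {@link TLSV13_Context} unless a legacy peer requires it.
     */
    public static final class TLSV1_Context extends WolfSSLContext {
        public TLSV1_Context() {
            super(WolfSSL.TLS_VERSION.TLSv1, null);
            WolfSSLDebug.log(TLSV1_Context.class, WolfSSLDebug.INFO, "creating new WolfSSLContext using TLSV1_Context");
        }
    }

    /**
     * Context that requests the SSLv23 method.
     *
     * <p>NOTE(review): in wolfSSL this is the version-flexible method; which protocol
     * versions it can negotiate presumably depends on the native build and on the options
     * mask applied in {@code createCtx()} - confirm the floor is acceptable.
     */
    public static final class TLSV23_Context extends WolfSSLContext {
        public TLSV23_Context() {
            super(WolfSSL.TLS_VERSION.SSLv23, null);
            WolfSSLDebug.log(TLSV23_Context.class, WolfSSLDebug.INFO, "creating new WolfSSLContext using TLSV23_Context");
        }
    }

    /**
     * Records the requested protocol version. Nothing native is created until
     * {@code engineInit()} runs.
     */
    private WolfSSLContext(WolfSSL.TLS_VERSION tls_version) {
        this.authStore = null;
        this.ctx = null;
        this.params = null;
        this.currentVersion = tls_version;
    }

    /** Compiler-generated accessor that lets the nested contexts reach the private constructor. */
    /* synthetic */ WolfSSLContext(WolfSSL.TLS_VERSION tls_version, AnonymousClass1 anonymousClass1) {
        this(tls_version);
    }

    /**
     * Loads the private key and certificate chain of the alias chosen by the key manager
     * into the native context.
     *
     * <p>A null key manager, a missing key and a missing chain are each logged and skipped,
     * not treated as errors.
     *
     * @throws Exception if the key is not PKCS#8, cannot be encoded or unwrapped, or the
     *         native library rejects the key or chain buffer
     */
    private void LoadClientKeyAndCertChain() throws Exception {
        X509KeyManager keyManager = this.authStore.getX509KeyManager();
        String javaVersion = System.getProperty("java.version");
        if (keyManager == null) {
            WolfSSLDebug.log(getClass(), WolfSSLDebug.ERROR, "internal KeyManager is null, no cert/key to load");
            return;
        }

        ArrayList<String> keyTypes = new ArrayList<String>();
        // EC is not offered on these two Java 7 updates; the reason is not visible in this file.
        if (WolfSSL.EccEnabled() && !"1.7.0_201".equals(javaVersion) && !"1.7.0_171".equals(javaVersion)) {
            keyTypes.add("EC");
        }
        if (WolfSSL.RsaEnabled()) {
            keyTypes.add("RSA");
        }

        String alias = keyManager.chooseClientAlias(keyTypes.toArray(new String[keyTypes.size()]), null, null);
        this.authStore.setCertAlias(alias);

        PrivateKey privateKey = keyManager.getPrivateKey(alias);
        if (privateKey != null) {
            byte[] encoded = privateKey.getEncoded();
            // getFormat() and getEncoded() both return null for keys that cannot be exported
            // (for example hardware-backed keys); report that instead of failing on a null.
            if (!"PKCS#8".equals(privateKey.getFormat())) {
                throw new Exception("Private key is not in PKCS#8 format");
            }
            if (encoded == null) {
                throw new Exception("Private key has no encoded form, unable to load");
            }

            int offset = WolfSSL.getPkcs8TraditionalOffset(encoded, 0L, encoded.length);
            if (offset < 0 || offset > encoded.length) {
                throw new Exception("Unable to locate key inside PKCS#8 wrapper, offset = " + offset);
            }

            // Strip the PKCS#8 wrapper and hand only the inner key to the native library.
            byte[] keyDer = Arrays.copyOfRange(encoded, offset, encoded.length);
            int ret;
            try {
                ret = this.ctx.usePrivateKeyBuffer(keyDer, keyDer.length, BUFFER_FORMAT);
            } finally {
                // Wipe the copy made above so the key does not linger on the heap.
                // Assumes the native call copies the buffer before returning - confirm.
                // 'encoded' is not wiped: getEncoded() need not return a defensive copy.
                Arrays.fill(keyDer, (byte) 0);
            }
            if (ret != NATIVE_SUCCESS) {
                throw new WolfSSLJNIException("Failed to load private key buffer, err = " + ret);
            }
            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "loaded private key from KeyManager (alias: " + alias + ")");
        } else {
            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "no private key found, skipped loading");
        }

        X509Certificate[] chain = keyManager.getCertificateChain(alias);
        if (chain == null) {
            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "no certificate or chain found, skipped loading");
            return;
        }

        // The native call takes the chain as one buffer of concatenated DER certificates.
        ByteArrayOutputStream chainStream = new ByteArrayOutputStream();
        for (X509Certificate cert : chain) {
            chainStream.write(cert.getEncoded());
        }
        byte[] chainDer = chainStream.toByteArray();
        chainStream.close();

        int ret = this.ctx.useCertificateChainBufferFormat(chainDer, chainDer.length, BUFFER_FORMAT);
        if (ret != NATIVE_SUCCESS) {
            throw new WolfSSLJNIException("Failed to load certificate chain buffer, err = " + ret);
        }
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "loaded certificate chain from KeyManager (length: " + chain.length + ")");
    }

    /**
     * Loads the trust manager's accepted issuers into the native context as trusted roots.
     *
     * <p>Roots are loaded only when the trust manager is a {@code WolfSSLTrustX509}. For any
     * other trust manager nothing is loaded here, and peer verification then depends on
     * {@code checkClientTrusted()}/{@code checkServerTrusted()} being called elsewhere.
     *
     * <p>A certificate that fails to encode or load is skipped with an INFO log, so the
     * native store may hold only part of the configured roots. Only the case where none
     * loaded is an error.
     *
     * @throws IllegalArgumentException if issuers were supplied but none could be loaded
     */
    private void LoadTrustedRootCerts() {
        X509TrustManager trustManager = this.authStore.getX509TrustManager();
        if (trustManager == null) {
            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "internal TrustManager is null, no CAs to load");
            return;
        }
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "Using X509TrustManager: " + trustManager.toString());
        if (!(trustManager instanceof WolfSSLTrustX509)) {
            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "Deferring verification to checkClientTrusted/ServerTrusted()");
            return;
        }

        X509Certificate[] issuers = trustManager.getAcceptedIssuers();
        if (issuers == null) {
            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "internal TrustManager has no accepted issuers to load");
            return;
        }
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "Number of certs in X509TrustManager: " + issuers.length);

        int loaded = 0;
        for (X509Certificate issuer : issuers) {
            // The decompiler emitted an empty try block and an undefined buffer variable
            // here; the try is restored around the encode-and-load step its handlers guard.
            try {
                byte[] der = issuer.getEncoded();
                if (this.ctx.loadVerifyBuffer(der, der.length, BUFFER_FORMAT) == NATIVE_SUCCESS) {
                    loaded++;
                    WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "loaded trusted root cert (" + issuer.getSigAlgName() + "): " + issuer.getSubjectX500Principal().getName("RFC1779"));
                }
            } catch (WolfSSLJNIException e) {
                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "skipped loading CA, JNI exception");
            } catch (CertificateEncodingException e) {
                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "skipped loading CA, encoding error");
            }
        }

        if (issuers.length > 0 && loaded == 0) {
            throw new IllegalArgumentException("wolfSSL failed to load any trusted CA certificates from TrustManager");
        }
    }

    /**
     * Creates the native context for the selected protocol version, then loads trust roots,
     * key material, cipher suites and protocols into it.
     *
     * <p>If any load step fails, the half-configured native context is dropped. The
     * "initialized" guards then keep rejecting use of this object.
     *
     * @throws WolfSSLException declared by the original; not thrown by code visible here
     *         other than possibly the native context constructor
     * @throws IllegalArgumentException if the version is invalid or not compiled into the
     *         native library, or if loading trust or key material fails
     */
    private void createCtx() throws WolfSSLException {
        WolfSSLCustomUser attrs = WolfSSLCustomUser.GetCtxAttributes(this.currentVersion, WolfSSL.getCiphersAvailableIana(this.currentVersion));
        WolfSSL.TLS_VERSION version = attrs.version;
        if (version != WolfSSL.TLS_VERSION.TLSv1 && version != WolfSSL.TLS_VERSION.TLSv1_1 && version != WolfSSL.TLS_VERSION.TLSv1_2 && version != WolfSSL.TLS_VERSION.TLSv1_3 && version != WolfSSL.TLS_VERSION.SSLv23) {
            throw new IllegalArgumentException("Invalid SSL/TLS protocol version");
        }
        // GetCtxAttributes() may return a different version than the one requested.
        this.currentVersion = version;

        long method;
        switch (AnonymousClass1.$SwitchMap$com$wolfssl$WolfSSL$TLS_VERSION[version.ordinal()]) {
            case 1:
                method = WolfSSL.TLSv1_Method();
                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "creating WolfSSLContext with TLSv1");
                break;
            case 2:
                method = WolfSSL.TLSv1_1_Method();
                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "creating WolfSSLContext with TLSv1_1");
                break;
            case 3:
                method = WolfSSL.TLSv1_2_Method();
                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "creating WolfSSLContext with TLSv1_2");
                break;
            case 4:
                method = WolfSSL.TLSv1_3_Method();
                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "creating WolfSSLContext with TLSv1_3");
                break;
            case 5:
                method = WolfSSL.SSLv23_Method();
                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "creating WolfSSLContext with SSLv23");
                break;
            default:
                throw new IllegalArgumentException("Invalid SSL/TLS protocol version");
        }
        if (method == METHOD_NOT_COMPILED_IN) {
            throw new IllegalArgumentException("Protocol version not compiled into native wolfSSL library");
        }

        this.ctx = new com.wolfssl.WolfSSLContext(method);
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "created new native WOLFSSL_CTX");
        try {
            LoadTrustedRootCerts();
            LoadClientKeyAndCertChain();
            String[] customSuites = attrs.list;
            if (customSuites == null || customSuites.length <= 0) {
                this.params.setCipherSuites(WolfSSL.getCiphersIana());
            } else {
                this.params.setCipherSuites(customSuites);
            }
            this.params.setProtocols(getProtocolsMask(attrs.noOptions));
        } catch (Exception e) {
            // Do not leave a context behind whose trust roots or key failed to load: with
            // ctx non-null the guards would hand out engines and factories built on it.
            this.ctx = null;
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Creates an engine with no peer host or port.
     *
     * @throws IllegalStateException if the context is not initialized or the engine cannot
     *         be created
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine() throws IllegalStateException {
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "entered engineCreateSSLEngine()");
        if (this.ctx == null || this.authStore == null) {
            throw new IllegalStateException(NOT_INITIALIZED_MSG);
        }
        try {
            return new WolfSSLEngine(this.ctx, this.authStore, this.params);
        } catch (WolfSSLException e) {
            throw new IllegalStateException("Unable to create engine", e);
        }
    }

    /**
     * Creates an engine for the given peer.
     *
     * @param str peer host name
     * @param i peer port
     * @throws IllegalStateException if the context is not initialized or the engine cannot
     *         be created
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLEngine engineCreateSSLEngine(String str, int i) throws IllegalStateException {
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "entered engineCreateSSLEngine(String host, int port)");
        if (this.ctx == null || this.authStore == null) {
            throw new IllegalStateException(NOT_INITIALIZED_MSG);
        }
        try {
            return new WolfSSLEngine(this.ctx, this.authStore, this.params, str, i);
        } catch (WolfSSLException e) {
            throw new IllegalStateException("Unable to create engine", e);
        }
    }

    /**
     * Returns the client session context held by the auth store.
     *
     * @throws IllegalStateException if {@code init()} has not created the auth store yet
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSessionContext engineGetClientSessionContext() {
        if (this.authStore == null) {
            // Same failure mode as the other getters, instead of a bare NullPointerException.
            throw new IllegalStateException(NOT_INITIALIZED_MSG);
        }
        return this.authStore.getClientContext();
    }

    /** Returns a decoupled copy of the context parameters. */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLParameters engineGetDefaultSSLParameters() {
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "entered engineGetDefaultSSLParameters()");
        return WolfSSLParametersHelper.decoupleParams(this.params);
    }

    /**
     * Returns the server session context held by the auth store.
     *
     * @throws IllegalStateException if {@code init()} has not created the auth store yet
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSessionContext engineGetServerSessionContext() {
        if (this.authStore == null) {
            // Same failure mode as the other getters, instead of a bare NullPointerException.
            throw new IllegalStateException(NOT_INITIALIZED_MSG);
        }
        return this.authStore.getServerContext();
    }

    /**
     * @throws IllegalStateException if the context is not initialized
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLServerSocketFactory engineGetServerSocketFactory() throws IllegalStateException {
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "entered engineGetServerSocketFactory()");
        if (this.ctx == null || this.authStore == null) {
            throw new IllegalStateException(NOT_INITIALIZED_MSG);
        }
        return new WolfSSLServerSocketFactory(this.ctx, this.authStore, this.params);
    }

    /**
     * @throws IllegalStateException if the context is not initialized
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSocketFactory engineGetSocketFactory() throws IllegalStateException {
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "entered engineGetSocketFactory()");
        if (this.ctx == null || this.authStore == null) {
            throw new IllegalStateException(NOT_INITIALIZED_MSG);
        }
        return new WolfSSLSocketFactory(this.ctx, this.authStore, this.params);
    }

    /**
     * Returns a decoupled copy of the same parameters as
     * {@code engineGetDefaultSSLParameters()}.
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected SSLParameters engineGetSupportedSSLParameters() {
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "entered engineGetSupportedSSLParameters()");
        return WolfSSLParametersHelper.decoupleParams(this.params);
    }

    /**
     * Builds the auth store and parameters, then creates and configures the native context.
     *
     * @param keyManagerArr key managers, may be null
     * @param trustManagerArr trust managers, may be null
     * @param secureRandom random source, may be null
     * @throws KeyManagementException if the native context cannot be created or configured
     */
    @Override // javax.net.ssl.SSLContextSpi
    protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "entered engineInit(" + keyManagerArr + ", " + trustManagerArr + ", " + secureRandom + ")");
        try {
            this.authStore = new WolfSSLAuthStore(keyManagerArr, trustManagerArr, secureRandom, this.currentVersion);
            this.params = new WolfSSLParameters();
            createCtx();
        } catch (WolfSSLException e) {
            throw new KeyManagementException(e);
        } catch (IllegalArgumentException e2) {
            throw new KeyManagementException(e2);
        }
    }

    /** Drops the reference to the native context wrapper before normal finalization. */
    @Override
    protected void finalize() throws Throwable {
        if (this.ctx != null) {
            this.ctx = null;
        }
        super.finalize();
    }

    /**
     * Returns the internal auth store, or null before init. The decompiler widened access
     * from protected.
     */
    public WolfSSLAuthStore getInternalAuthStore() {
        return this.authStore;
    }

    /**
     * Returns the live internal parameters (not a copy), or null before init. The decompiler
     * widened access from protected.
     */
    public WolfSSLParameters getInternalSSLParams() {
        return this.params;
    }

    /**
     * Returns the native context wrapper, or null before init or after a failed init. The
     * decompiler widened access from protected.
     */
    public com.wolfssl.WolfSSLContext getInternalWolfSSLContext() {
        return this.ctx;
    }

    /**
     * Returns the protocol names for an options mask.
     *
     * <p>Despite the getter-style name, this also applies {@code j} to the native context
     * when one exists. A call therefore changes the options of a live context.
     *
     * @param j options mask
     * @return protocol names reported by {@code WolfSSL.getProtocolsMask(j)}
     */
    public String[] getProtocolsMask(long j) {
        com.wolfssl.WolfSSLContext nativeCtx = this.ctx;
        if (nativeCtx != null) {
            nativeCtx.setOptions(j);
        }
        return WolfSSL.getProtocolsMask(j);
    }
}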
