package by.avest.crypto.conscrypt;

import by.avest.crypto.conscrypt.NativeCrypto;
import by.avest.crypto.conscrypt.SSLParametersImpl;
import by.avest.crypto.conscrypt.ref.OpenSSLContext;
import by.avest.crypto.conscrypt.ref.OpenSSLNativeResourceFinalizer;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ReadOnlyBufferException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import kotlin.UByte;
import org.apache.log4j.Logger;

/* loaded from: classes.dex */
public class OpenSSLEngineImpl extends SSLEngine implements NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.AliasChooser, SSLParametersImpl.PSKCallbacks, OpenSSLContext {
    public static final String GOSSUOK_UNP_OID = "1.2.112.1.2.1.1.1.1.2";
    public static final String RUPIIC_UNP_OID = "1.3.6.1.4.1.12656.106.101";
    OpenSSLKey channelIdPrivateKey;
    private EngineState engineState;
    private OpenSSLSessionImpl handshakeSession;
    private OpenSSLBIOSink handshakeSink;
    private final OpenSSLBIOSink localToRemoteSink;
    private long sslNativePointer;
    private final SSLParametersImpl sslParameters;
    private OpenSSLSessionImpl sslSession;
    private final Object stateLock;
    private static final Logger logger_connect = Logger.getLogger("jetty_connect");
    private static OpenSSLBIOSource nullSource = OpenSSLBIOSource.wrap(ByteBuffer.allocate(0));
    protected static final char[] hexArray = "0123456789ABCDEF".toCharArray();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: by.avest.crypto.conscrypt.OpenSSLEngineImpl$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState;

        static {
            int[] iArr = new int[EngineState.values().length];
            $SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState = iArr;
            try {
                iArr[EngineState.HANDSHAKE_WANTED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState[EngineState.HANDSHAKE_STARTED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState[EngineState.HANDSHAKE_COMPLETED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState[EngineState.NEW.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState[EngineState.MODE_SET.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState[EngineState.CLOSED.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState[EngineState.CLOSED_INBOUND.ordinal()] = 7;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState[EngineState.CLOSED_OUTBOUND.ordinal()] = 8;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                $SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState[EngineState.READY.ordinal()] = 9;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                $SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState[EngineState.READY_HANDSHAKE_CUT_THROUGH.ordinal()] = 10;
            } catch (NoSuchFieldError unused10) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public enum EngineState {
        NEW,
        MODE_SET,
        HANDSHAKE_WANTED,
        HANDSHAKE_STARTED,
        HANDSHAKE_COMPLETED,
        READY_HANDSHAKE_CUT_THROUGH,
        READY,
        CLOSED_INBOUND,
        CLOSED_OUTBOUND,
        CLOSED
    }

    /* loaded from: classes.dex */
    private static class MyResourceFinalizer extends OpenSSLNativeResourceFinalizer {
        public MyResourceFinalizer(OpenSSLEngineImpl openSSLEngineImpl) {
            super(openSSLEngineImpl);
        }

        @Override // by.avest.crypto.conscrypt.ref.OpenSSLNativeResourceFinalizer
        public void resourceFree(long j) throws Throwable {
            OpenSSLEngineImpl.free(j);
        }
    }

    public OpenSSLEngineImpl(SSLParametersImpl sSLParametersImpl) {
        this.stateLock = new Object();
        this.engineState = EngineState.NEW;
        this.localToRemoteSink = OpenSSLBIOSink.create();
        this.sslParameters = sSLParametersImpl;
        new MyResourceFinalizer(this);
    }

    public OpenSSLEngineImpl(String str, int i, SSLParametersImpl sSLParametersImpl) {
        super(str, i);
        this.stateLock = new Object();
        this.engineState = EngineState.NEW;
        this.localToRemoteSink = OpenSSLBIOSink.create();
        this.sslParameters = sSLParametersImpl;
        new MyResourceFinalizer(this);
    }

    public static String bytesToHex(byte[] bArr) {
        char[] cArr = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & UByte.MAX_VALUE;
            int i3 = i * 2;
            char[] cArr2 = hexArray;
            cArr[i3] = cArr2[i2 >>> 4];
            cArr[i3 + 1] = cArr2[i2 & 15];
        }
        return new String(cArr);
    }

    private static void checkIndex(int i, int i2, int i3) {
        if (i2 < 0) {
            throw new IndexOutOfBoundsException("offset < 0");
        }
        if (i3 < 0) {
            throw new IndexOutOfBoundsException("count < 0");
        }
        if (i2 > i) {
            throw new IndexOutOfBoundsException("offset > length");
        }
        if (i2 > i - i3) {
            throw new IndexOutOfBoundsException("offset + count > length");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void free(long j) {
        if (j != 0) {
            NativeCrypto.SSL_free(j);
        }
    }

    private String getInfo(SSLSession sSLSession) {
        StringBuilder sb = new StringBuilder("SSLSession [id=");
        sb.append(bytesToHex(sSLSession.getId()));
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            boolean z = true;
            boolean z2 = peerCertificates != null;
            if (peerCertificates.length == 0) {
                z = false;
            }
            if (z & z2) {
                X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
                sb.append(", peerCertSN=");
                sb.append(x509Certificate.getSerialNumber().toString(16));
                String parseUNP = parseUNP(x509Certificate);
                if (parseUNP != null) {
                    sb.append(", peerCertUNP=");
                    sb.append(parseUNP);
                }
            }
        } catch (Throwable th) {
            Logger logger = logger_connect;
            if (logger.isTraceEnabled()) {
                logger.trace(th);
            }
        }
        sb.append("]");
        return sb.toString();
    }

    private ByteBuffer getNextAvailableByteBuffer(ByteBuffer[] byteBufferArr, int i, int i2) {
        while (i < i2) {
            if (byteBufferArr[i].remaining() > 0) {
                return byteBufferArr[i];
            }
            i++;
        }
        return null;
    }

    private String getRemoteAddr4Log() {
        return getPeerHost() + ":" + getPeerPort();
    }

    public static String parseUNP(X509Certificate x509Certificate) throws IOException {
        String parseUNP = parseUNP(x509Certificate, GOSSUOK_UNP_OID);
        return parseUNP == null ? parseUNP(x509Certificate, RUPIIC_UNP_OID) : parseUNP;
    }

    public static String parseUNP(X509Certificate x509Certificate, String str) throws IOException {
        int i;
        byte[] extensionValue = x509Certificate.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        if (extensionValue.length < 2 || extensionValue[0] != 30) {
            throw new IOException("Error read UNP, wrong tag");
        }
        int i2 = extensionValue[1];
        int i3 = i2 & 255;
        if (i3 > 128) {
            i = (i2 & 255) - 128;
            i3 = 0;
            for (int i4 = 0; i4 < i; i4++) {
                int i5 = i4 + 2;
                if (i5 >= extensionValue.length) {
                    throw new IOException("Error read UNP, wrong format");
                }
                i3 = (i3 * 255) + (extensionValue[i5] & 255);
            }
            if (i + 2 + i3 != extensionValue.length) {
                throw new IOException("Error read UNP, wrong format");
            }
        } else {
            i = 0;
        }
        byte[] bArr = new byte[i3];
        System.arraycopy(extensionValue, i + 2, bArr, 0, i3);
        return new String(bArr, "UnicodeBigUnmarked");
    }

    private void shutdown() {
        try {
            NativeCrypto.SSL_shutdown_BIO(this.sslNativePointer, nullSource.getContext(), this.localToRemoteSink.getContext(), this);
        } catch (IOException unused) {
        }
    }

    private void shutdownAndFreeSslNative() {
        try {
            shutdown();
        } finally {
            free(this.sslNativePointer);
            this.sslNativePointer = 0L;
        }
    }

    private static int writeSinkToByteBuffer(OpenSSLBIOSink openSSLBIOSink, ByteBuffer byteBuffer) {
        int min = Math.min(openSSLBIOSink.available(), byteBuffer.remaining());
        byteBuffer.put(openSSLBIOSink.toByteArray(), openSSLBIOSink.position(), min);
        openSSLBIOSink.skip(min);
        return min;
    }

    @Override // javax.net.ssl.SSLEngine
    public void beginHandshake() throws SSLException {
        synchronized (this.stateLock) {
            if (this.engineState == EngineState.CLOSED || this.engineState == EngineState.CLOSED_OUTBOUND || this.engineState == EngineState.CLOSED_INBOUND) {
                throw new IllegalStateException("Engine has already been closed");
            }
            if (this.engineState == EngineState.HANDSHAKE_STARTED) {
                throw new IllegalStateException("Handshake has already been started");
            }
            if (this.engineState != EngineState.MODE_SET) {
                throw new IllegalStateException("Client/server mode must be set before handshake");
            }
            if (getUseClientMode()) {
                this.engineState = EngineState.HANDSHAKE_WANTED;
            } else {
                this.engineState = EngineState.HANDSHAKE_STARTED;
            }
        }
        try {
            try {
                long j = this.sslParameters.getSessionContext().sslCtxNativePointer;
                long SSL_new = NativeCrypto.SSL_new(j);
                this.sslNativePointer = SSL_new;
                this.sslSession = this.sslParameters.getSessionToReuse(SSL_new, getPeerHost(), getPeerPort());
                this.sslParameters.setSSLParameters(j, this.sslNativePointer, this, this, getPeerHost());
                this.sslParameters.setCertificateValidation(this.sslNativePointer);
                this.sslParameters.setTlsChannelId(this.sslNativePointer, this.channelIdPrivateKey);
                if (getUseClientMode()) {
                    NativeCrypto.SSL_set_connect_state(this.sslNativePointer);
                } else {
                    NativeCrypto.SSL_set_accept_state(this.sslNativePointer);
                }
                this.handshakeSink = OpenSSLBIOSink.create();
            } catch (IOException e) {
                if (e.getMessage().contains("unexpected CCS")) {
                    Platform.logEvent(String.format("ssl_unexpected_ccs: host=%s", getPeerHost()));
                }
                throw new SSLException(e);
            }
        } catch (Throwable th) {
            synchronized (this.stateLock) {
                this.engineState = EngineState.CLOSED;
                shutdownAndFreeSslNative();
                throw th;
            }
        }
    }

    @Override // by.avest.crypto.conscrypt.SSLParametersImpl.AliasChooser
    public String chooseClientAlias(X509KeyManager x509KeyManager, X500Principal[] x500PrincipalArr, String[] strArr) {
        return x509KeyManager instanceof X509ExtendedKeyManager ? ((X509ExtendedKeyManager) x509KeyManager).chooseEngineClientAlias(strArr, x500PrincipalArr, this) : x509KeyManager.chooseClientAlias(strArr, x500PrincipalArr, null);
    }

    @Override // by.avest.crypto.conscrypt.SSLParametersImpl.PSKCallbacks
    public String chooseClientPSKIdentity(PSKKeyManager pSKKeyManager, String str) {
        return pSKKeyManager.chooseClientKeyIdentity(str, this);
    }

    @Override // by.avest.crypto.conscrypt.SSLParametersImpl.AliasChooser
    public String chooseServerAlias(X509KeyManager x509KeyManager, String str) {
        return x509KeyManager instanceof X509ExtendedKeyManager ? ((X509ExtendedKeyManager) x509KeyManager).chooseEngineServerAlias(str, null, this) : x509KeyManager.chooseServerAlias(str, null, null);
    }

    @Override // by.avest.crypto.conscrypt.SSLParametersImpl.PSKCallbacks
    public String chooseServerPSKIdentityHint(PSKKeyManager pSKKeyManager) {
        return pSKKeyManager.chooseServerKeyIdentityHint(this);
    }

    @Override // by.avest.crypto.conscrypt.NativeCrypto.SSLHandshakeCallbacks
    public void clientCertificateRequested(byte[] bArr, byte[][] bArr2) throws CertificateEncodingException, SSLException {
        this.sslParameters.chooseClientCertificate(bArr, bArr2, this.sslNativePointer, this);
    }

    @Override // by.avest.crypto.conscrypt.NativeCrypto.SSLHandshakeCallbacks
    public int clientPSKKeyRequested(String str, byte[] bArr, byte[] bArr2) {
        return this.sslParameters.clientPSKKeyRequested(str, bArr, bArr2, this);
    }

    @Override // javax.net.ssl.SSLEngine
    public void closeInbound() throws SSLException {
        synchronized (this.stateLock) {
            if (this.engineState == EngineState.CLOSED) {
                return;
            }
            if (this.engineState == EngineState.CLOSED_OUTBOUND) {
                this.engineState = EngineState.CLOSED;
            } else {
                this.engineState = EngineState.CLOSED_INBOUND;
            }
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void closeOutbound() {
        synchronized (this.stateLock) {
            if (this.engineState != EngineState.CLOSED && this.engineState != EngineState.CLOSED_OUTBOUND) {
                if (this.engineState != EngineState.MODE_SET && this.engineState != EngineState.NEW) {
                    shutdownAndFreeSslNative();
                }
                if (this.engineState == EngineState.CLOSED_INBOUND) {
                    this.engineState = EngineState.CLOSED;
                } else {
                    this.engineState = EngineState.CLOSED_OUTBOUND;
                }
                shutdown();
            }
        }
    }

    @Override // by.avest.crypto.conscrypt.ref.OpenSSLContext
    public long getContext() {
        return this.sslNativePointer;
    }

    @Override // javax.net.ssl.SSLEngine
    public Runnable getDelegatedTask() {
        return null;
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getEnableSessionCreation() {
        return this.sslParameters.getEnableSessionCreation();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledCipherSuites() {
        return this.sslParameters.getEnabledCipherSuites();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledProtocols() {
        return this.sslParameters.getEnabledProtocols();
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getHandshakeSession() {
        return this.handshakeSession;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        synchronized (this.stateLock) {
            switch (AnonymousClass1.$SwitchMap$by$avest$crypto$conscrypt$OpenSSLEngineImpl$EngineState[this.engineState.ordinal()]) {
                case 1:
                    if (getUseClientMode()) {
                        return SSLEngineResult.HandshakeStatus.NEED_WRAP;
                    }
                    return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
                case 2:
                    if (this.handshakeSink.available() > 0) {
                        return SSLEngineResult.HandshakeStatus.NEED_WRAP;
                    }
                    return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
                case 3:
                    if (this.handshakeSink.available() != 0) {
                        return SSLEngineResult.HandshakeStatus.NEED_WRAP;
                    }
                    this.handshakeSink = null;
                    this.engineState = EngineState.READY;
                    return SSLEngineResult.HandshakeStatus.FINISHED;
                case 4:
                case 5:
                case 6:
                case 7:
                case 8:
                case 9:
                case 10:
                    return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
                default:
                    throw new IllegalStateException("Unexpected engine state: " + this.engineState);
            }
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getNeedClientAuth() {
        return this.sslParameters.getNeedClientAuth();
    }

    @Override // by.avest.crypto.conscrypt.SSLParametersImpl.PSKCallbacks
    public SecretKey getPSKKey(PSKKeyManager pSKKeyManager, String str, String str2) {
        return pSKKeyManager.getKey(str, str2, this);
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getSession() {
        OpenSSLSessionImpl openSSLSessionImpl = this.sslSession;
        return openSSLSessionImpl == null ? SSLNullSession.getNullSession() : openSSLSessionImpl;
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedCipherSuites() {
        return NativeCrypto.getSupportedCipherSuites();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedProtocols() {
        return NativeCrypto.getSupportedProtocols();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getUseClientMode() {
        return this.sslParameters.getUseClientMode();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getWantClientAuth() {
        return this.sslParameters.getWantClientAuth();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean isInboundDone() {
        long j = this.sslNativePointer;
        boolean z = true;
        if (j != 0) {
            return (NativeCrypto.SSL_get_shutdown(j) & 2) != 0;
        }
        synchronized (this.stateLock) {
            if (this.engineState != EngineState.CLOSED && this.engineState != EngineState.CLOSED_INBOUND) {
                z = false;
            }
        }
        return z;
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean isOutboundDone() {
        boolean z;
        long j = this.sslNativePointer;
        if (j != 0) {
            return (NativeCrypto.SSL_get_shutdown(j) & 1) != 0;
        }
        synchronized (this.stateLock) {
            z = this.engineState == EngineState.CLOSED || this.engineState == EngineState.CLOSED_OUTBOUND;
        }
        return z;
    }

    @Override // by.avest.crypto.conscrypt.NativeCrypto.SSLHandshakeCallbacks
    public void onSSLStateChange(long j, int i, int i2) {
        synchronized (this.stateLock) {
            if (i == 16) {
                this.engineState = EngineState.HANDSHAKE_STARTED;
            } else if (i == 32) {
                if (this.engineState != EngineState.HANDSHAKE_STARTED && this.engineState != EngineState.READY_HANDSHAKE_CUT_THROUGH) {
                    throw new IllegalStateException("Completed handshake while in mode " + this.engineState);
                }
                this.engineState = EngineState.HANDSHAKE_COMPLETED;
            }
        }
    }

    @Override // by.avest.crypto.conscrypt.NativeCrypto.SSLHandshakeCallbacks
    public int serverPSKKeyRequested(String str, String str2, byte[] bArr) {
        return this.sslParameters.serverPSKKeyRequested(str, str2, bArr, this);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnableSessionCreation(boolean z) {
        this.sslParameters.setEnableSessionCreation(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledCipherSuites(String[] strArr) {
        this.sslParameters.setEnabledCipherSuites(strArr);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledProtocols(String[] strArr) {
        this.sslParameters.setEnabledProtocols(strArr);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setNeedClientAuth(boolean z) {
        this.sslParameters.setNeedClientAuth(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setUseClientMode(boolean z) {
        synchronized (this.stateLock) {
            if (this.engineState != EngineState.MODE_SET && this.engineState != EngineState.NEW) {
                throw new IllegalArgumentException("Can not change mode after handshake: engineState == " + this.engineState);
            }
            this.engineState = EngineState.MODE_SET;
        }
        this.sslParameters.setUseClientMode(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setWantClientAuth(boolean z) {
        this.sslParameters.setWantClientAuth(z);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v15, types: [java.lang.Object, java.lang.String] */
    /* JADX WARN: Type inference failed for: r1v16 */
    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws SSLException {
        OpenSSLBIOSource wrap;
        OpenSSLEngineImpl openSSLEngineImpl = this;
        ByteBuffer[] byteBufferArr2 = byteBufferArr;
        if (byteBuffer == null) {
            throw new IllegalArgumentException("src == null");
        }
        if (byteBufferArr2 == null) {
            throw new IllegalArgumentException("dsts == null");
        }
        checkIndex(byteBufferArr2.length, i, i2);
        int i3 = 0;
        for (int i4 = 0; i4 < byteBufferArr2.length; i4++) {
            ByteBuffer byteBuffer2 = byteBufferArr2[i4];
            if (byteBuffer2 == null) {
                throw new IllegalArgumentException("one of the dst == null");
            }
            if (byteBuffer2.isReadOnly()) {
                throw new ReadOnlyBufferException();
            }
            if (i4 >= i && i4 < i + i2) {
                i3 += byteBuffer2.remaining();
            }
        }
        synchronized (openSSLEngineImpl.stateLock) {
            if (openSSLEngineImpl.engineState != EngineState.CLOSED && openSSLEngineImpl.engineState != EngineState.CLOSED_INBOUND) {
                if (openSSLEngineImpl.engineState == EngineState.NEW || openSSLEngineImpl.engineState == EngineState.MODE_SET) {
                    beginHandshake();
                }
                SSLEngineResult.HandshakeStatus handshakeStatus = getHandshakeStatus();
                if (handshakeStatus != SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                    if (handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                        return new SSLEngineResult(SSLEngineResult.Status.OK, handshakeStatus, 0, 0);
                    }
                    if (i3 == 0) {
                        return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, getHandshakeStatus(), 0, 0);
                    }
                    ByteBuffer duplicate = byteBuffer.duplicate();
                    wrap = OpenSSLBIOSource.wrap(duplicate);
                    try {
                        try {
                            int position = duplicate.position();
                            int i5 = 0;
                            boolean z = false;
                            while (!z) {
                                ByteBuffer nextAvailableByteBuffer = openSSLEngineImpl.getNextAvailableByteBuffer(byteBufferArr2, i, i2);
                                if (nextAvailableByteBuffer == null) {
                                    z = true;
                                } else {
                                    ByteBuffer allocate = nextAvailableByteBuffer.isDirect() ? ByteBuffer.allocate(nextAvailableByteBuffer.remaining()) : nextAvailableByteBuffer;
                                    ByteBuffer byteBuffer3 = allocate;
                                    int i6 = i5;
                                    int SSL_read_BIO = NativeCrypto.SSL_read_BIO(openSSLEngineImpl.sslNativePointer, allocate.array(), allocate.arrayOffset() + allocate.position(), nextAvailableByteBuffer.remaining(), wrap.getContext(), openSSLEngineImpl.localToRemoteSink.getContext(), this);
                                    if (SSL_read_BIO <= 0) {
                                        openSSLEngineImpl = this;
                                        i5 = i6;
                                        z = true;
                                    } else {
                                        byteBuffer3.position(byteBuffer3.position() + SSL_read_BIO);
                                        i5 = i6 + SSL_read_BIO;
                                        if (nextAvailableByteBuffer != byteBuffer3) {
                                            byteBuffer3.flip();
                                            nextAvailableByteBuffer.put(byteBuffer3);
                                        }
                                        openSSLEngineImpl = this;
                                    }
                                    byteBufferArr2 = byteBufferArr;
                                }
                            }
                            int i7 = i5;
                            int position2 = duplicate.position() - position;
                            byteBuffer.position(duplicate.position());
                            return new SSLEngineResult(position2 > 0 ? SSLEngineResult.Status.OK : SSLEngineResult.Status.BUFFER_UNDERFLOW, getHandshakeStatus(), position2, i7);
                        } catch (IOException e) {
                            throw new SSLException(e);
                        }
                    } finally {
                        wrap.release();
                    }
                }
                int position3 = byteBuffer.position();
                wrap = OpenSSLBIOSource.wrap(byteBuffer);
                String str = "[" + getRemoteAddr4Log() + "] ";
                Logger logger = logger_connect;
                long j = str + "handshake_start";
                logger.debug(j);
                long currentTimeMillis = System.currentTimeMillis();
                try {
                    try {
                        long SSL_do_handshake_bio = NativeCrypto.SSL_do_handshake_bio(openSSLEngineImpl.sslNativePointer, wrap.getContext(), openSSLEngineImpl.handshakeSink.getContext(), this, getUseClientMode(), openSSLEngineImpl.sslParameters.npnProtocols, openSSLEngineImpl.sslParameters.alpnProtocols);
                        if (SSL_do_handshake_bio != 0) {
                            try {
                                if (openSSLEngineImpl.sslSession != null && openSSLEngineImpl.engineState == EngineState.HANDSHAKE_STARTED) {
                                    openSSLEngineImpl.engineState = EngineState.READY_HANDSHAKE_CUT_THROUGH;
                                }
                                openSSLEngineImpl.sslSession = openSSLEngineImpl.sslParameters.setupSession(SSL_do_handshake_bio, openSSLEngineImpl.sslNativePointer, openSSLEngineImpl.sslSession, getPeerHost(), getPeerPort(), true);
                            } catch (Exception e2) {
                                e = e2;
                                long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
                                logger_connect.debug(str + "handshake_failed, " + currentTimeMillis2 + ", " + e.getMessage(), e);
                                throw ((SSLHandshakeException) new SSLHandshakeException("Handshake failed").initCause(e));
                            }
                        }
                        long currentTimeMillis3 = System.currentTimeMillis() - currentTimeMillis;
                        StringBuilder sb = new StringBuilder();
                        sb.append(str);
                        sb.append("handshake_done, ");
                        sb.append(currentTimeMillis3);
                        sb.append(", ");
                        OpenSSLSessionImpl openSSLSessionImpl = openSSLEngineImpl.sslSession;
                        if (openSSLSessionImpl != null) {
                            sb.append(openSSLEngineImpl.getInfo(openSSLSessionImpl));
                        }
                        logger.debug(sb.toString());
                        int position4 = openSSLEngineImpl.handshakeSink.position();
                        int position5 = byteBuffer.position() - position3;
                        SSLEngineResult sSLEngineResult = new SSLEngineResult(position5 > 0 ? SSLEngineResult.Status.OK : SSLEngineResult.Status.BUFFER_UNDERFLOW, getHandshakeStatus(), position5, position4);
                        if (openSSLEngineImpl.sslSession == null && SSL_do_handshake_bio != 0) {
                            NativeCrypto.SSL_SESSION_free(SSL_do_handshake_bio);
                        }
                        return sSLEngineResult;
                    } catch (Throwable th) {
                        th = th;
                        if (openSSLEngineImpl.sslSession == null && j != 0) {
                            NativeCrypto.SSL_SESSION_free(j);
                        }
                        throw th;
                    }
                } catch (Exception e3) {
                    e = e3;
                } catch (Throwable th2) {
                    th = th2;
                    j = 0;
                    if (openSSLEngineImpl.sslSession == null) {
                        NativeCrypto.SSL_SESSION_free(j);
                    }
                    throw th;
                }
            }
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, getHandshakeStatus(), 0, 0);
        }
    }

    @Override // by.avest.crypto.conscrypt.NativeCrypto.SSLHandshakeCallbacks
    public void verifyCertificateChain(long j, long[] jArr, String str) throws CertificateException {
        try {
            try {
                try {
                    X509TrustManager x509TrustManager = this.sslParameters.getX509TrustManager();
                    if (x509TrustManager == null) {
                        throw new CertificateException("No X.509 TrustManager");
                    }
                    if (jArr == null || jArr.length == 0) {
                        throw new SSLException("Peer sent no certificate");
                    }
                    OpenSSLX509Certificate[] openSSLX509CertificateArr = new OpenSSLX509Certificate[jArr.length];
                    for (int i = 0; i < jArr.length; i++) {
                        openSSLX509CertificateArr[i] = new OpenSSLX509Certificate(jArr[i]);
                    }
                    this.handshakeSession = new OpenSSLSessionImpl(j, null, openSSLX509CertificateArr, getPeerHost(), getPeerPort(), null);
                    if (this.sslParameters.getUseClientMode()) {
                        Platform.checkServerTrusted(x509TrustManager, openSSLX509CertificateArr, str, this);
                    } else {
                        Platform.checkClientTrusted(x509TrustManager, openSSLX509CertificateArr, openSSLX509CertificateArr[0].getPublicKey().getAlgorithm(), this);
                    }
                    for (int i2 = 0; i2 < jArr.length; i2++) {
                        openSSLX509CertificateArr[i2].close();
                    }
                } catch (CertificateException e) {
                    throw e;
                }
            } catch (Exception e2) {
                throw new CertificateException(e2);
            }
        } finally {
            this.handshakeSession = null;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) throws SSLException {
        long j;
        if (byteBufferArr == null) {
            throw new IllegalArgumentException("srcs == null");
        }
        if (byteBuffer == null) {
            throw new IllegalArgumentException("dst == null");
        }
        if (byteBuffer.isReadOnly()) {
            throw new ReadOnlyBufferException();
        }
        for (ByteBuffer byteBuffer2 : byteBufferArr) {
            if (byteBuffer2 == null) {
                logger_connect.debug("one of the src == null");
            }
        }
        checkIndex(byteBufferArr.length, i, i2);
        if (byteBuffer.remaining() < 17733) {
            return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, getHandshakeStatus(), 0, 0);
        }
        synchronized (this.stateLock) {
            if (this.engineState != EngineState.CLOSED && this.engineState != EngineState.CLOSED_OUTBOUND) {
                if (this.engineState == EngineState.NEW || this.engineState == EngineState.MODE_SET) {
                    beginHandshake();
                }
                SSLEngineResult.HandshakeStatus handshakeStatus = getHandshakeStatus();
                if (handshakeStatus != SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                    if (handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                        return new SSLEngineResult(SSLEngineResult.Status.OK, handshakeStatus, 0, 0);
                    }
                    byte[] bArr = null;
                    int i3 = i;
                    int i4 = 0;
                    while (i3 < i2) {
                        try {
                            ByteBuffer byteBuffer3 = byteBufferArr[i3];
                            int remaining = byteBuffer3.remaining();
                            if (bArr == null || remaining > bArr.length) {
                                bArr = new byte[remaining];
                            }
                            byte[] bArr2 = bArr;
                            byteBuffer3.duplicate().get(bArr2, 0, remaining);
                            int SSL_write_BIO = NativeCrypto.SSL_write_BIO(this.sslNativePointer, bArr2, remaining, this.localToRemoteSink.getContext(), this);
                            if (SSL_write_BIO > 0) {
                                byteBuffer3.position(byteBuffer3.position() + SSL_write_BIO);
                                i4 += SSL_write_BIO;
                            }
                            i3++;
                            bArr = bArr2;
                        } catch (IOException e) {
                            throw new SSLException(e);
                        }
                    }
                    return new SSLEngineResult(SSLEngineResult.Status.OK, getHandshakeStatus(), i4, writeSinkToByteBuffer(this.localToRemoteSink, byteBuffer));
                }
                if (this.handshakeSink.available() == 0) {
                    String str = "[" + getRemoteAddr4Log() + "] ";
                    Logger logger = logger_connect;
                    logger.debug(str + "handshake_start");
                    long currentTimeMillis = System.currentTimeMillis();
                    try {
                        j = NativeCrypto.SSL_do_handshake_bio(this.sslNativePointer, nullSource.getContext(), this.handshakeSink.getContext(), this, getUseClientMode(), this.sslParameters.npnProtocols, this.sslParameters.alpnProtocols);
                        if (j != 0) {
                            try {
                                try {
                                    if (this.sslSession != null && this.engineState == EngineState.HANDSHAKE_STARTED) {
                                        this.engineState = EngineState.READY_HANDSHAKE_CUT_THROUGH;
                                    }
                                    this.sslSession = this.sslParameters.setupSession(j, this.sslNativePointer, this.sslSession, getPeerHost(), getPeerPort(), true);
                                } catch (Exception e2) {
                                    e = e2;
                                    logger_connect.debug(str + "handshake_failed, " + (System.currentTimeMillis() - currentTimeMillis) + ", " + e.getMessage(), e);
                                    throw ((SSLHandshakeException) new SSLHandshakeException("Handshake failed").initCause(e));
                                }
                            } catch (Throwable th) {
                                th = th;
                                if (this.sslSession == null && j != 0) {
                                    NativeCrypto.SSL_SESSION_free(j);
                                }
                                throw th;
                            }
                        }
                        long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
                        StringBuilder sb = new StringBuilder();
                        sb.append(str);
                        sb.append("handshake_done, ");
                        sb.append(currentTimeMillis2);
                        sb.append(", ");
                        OpenSSLSessionImpl openSSLSessionImpl = this.sslSession;
                        if (openSSLSessionImpl != null) {
                            sb.append(getInfo(openSSLSessionImpl));
                        }
                        logger.debug(sb.toString());
                        if (this.sslSession == null && j != 0) {
                            NativeCrypto.SSL_SESSION_free(j);
                        }
                    } catch (Exception e3) {
                        e = e3;
                        j = 0;
                    } catch (Throwable th2) {
                        th = th2;
                        j = 0;
                        if (this.sslSession == null) {
                            NativeCrypto.SSL_SESSION_free(j);
                        }
                        throw th;
                    }
                }
                return new SSLEngineResult(SSLEngineResult.Status.OK, getHandshakeStatus(), 0, writeSinkToByteBuffer(this.handshakeSink, byteBuffer));
            }
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, getHandshakeStatus(), 0, 0);
        }
    }
}
