package ru.CryptoPro.sspiSSL;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.ReadOnlyBufferException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import okio.Utf8;
import ru.CryptoPro.JCP.Key.InternalGostPrivateKey;
import ru.CryptoPro.JCP.Key.PrivateKeyInterface;
import ru.CryptoPro.JCP.tools.Array;
import ru.CryptoPro.JCP.tools.CertReader.Extension;
import ru.CryptoPro.JCSP.Key.AbstractKeySpec;
import ru.CryptoPro.JCSP.MSCAPI.MSException;
import ru.CryptoPro.JCSP.MSCAPI.Sspi;
import ru.CryptoPro.ssl.ByteBufferInputStream;
import ru.CryptoPro.ssl.EngineArgs;
import ru.CryptoPro.ssl.SSLLogger;
import ru.CryptoPro.ssl.cl_88;
import userSamples.Constants;

/* loaded from: classes4.dex */
public class SSLEngineImpl extends SSLEngine {
    static final byte b = 21;
    static final byte c = 22;
    static final byte d = 23;
    static int e = 64;
    static int f = 128;
    static int h = 256;
    static int i = 512;
    static int k = 1024;
    static int l = 2048;
    static int n = 4096;
    static int o = 8192;
    static final /* synthetic */ boolean s = true;
    private static final int u = 0;
    private static final int v = 1;
    private static final int w = 2;
    private static final int x = 3;
    private static final int y = 4;
    private static final int z = 6;
    private Object A;
    private Object B;
    private boolean C;
    private SSLContextImpl D;
    private Sspi E;
    private SSLSessionImpl F;
    private byte G;
    private boolean H;
    private X509Certificate[] I;
    private X509Certificate[] J;
    private PrivateKey K;
    private X500Principal[] L;
    private boolean M;
    private LinkedList N;
    private cl_12 O;
    private cl_4 P;
    private cl_13 Q;
    private cl_3 R;
    private cl_26 S;
    private boolean T;
    private boolean U;
    Object a;
    SSLSocketImpl q;
    boolean r;
    private int t;
    static int g = 64 | 128;
    static int j = 256 | 512;
    static int m = 1024 | 2048;
    static int p = 4096 | 8192;

    public SSLEngineImpl(SSLContextImpl sSLContextImpl) {
        this.q = null;
        this.H = true;
        this.I = null;
        this.J = null;
        this.K = null;
        this.L = null;
        this.M = false;
        this.r = true;
        this.Q = cl_13.j;
        this.R = null;
        this.S = null;
        this.T = false;
        this.U = false;
        a(sSLContextImpl);
    }

    public SSLEngineImpl(SSLContextImpl sSLContextImpl, String str, int i2) {
        super(str, i2);
        this.q = null;
        this.H = true;
        this.I = null;
        this.J = null;
        this.K = null;
        this.L = null;
        this.M = false;
        this.r = true;
        this.Q = cl_13.j;
        this.R = null;
        this.S = null;
        this.T = false;
        this.U = false;
        a(sSLContextImpl);
    }

    public SSLEngineImpl(SSLContextImpl sSLContextImpl, boolean z2) {
        this.q = null;
        this.H = true;
        this.I = null;
        this.J = null;
        this.K = null;
        this.L = null;
        this.M = false;
        this.r = true;
        this.Q = cl_13.j;
        this.R = null;
        this.S = null;
        this.T = false;
        this.U = false;
        this.C = z2;
        a(sSLContextImpl);
    }

    private int a(InputStream inputStream, byte[] bArr, int i2, int i3) throws IOException {
        int i4 = 0;
        while (i4 < i3) {
            int i5 = i2 + i4;
            int read = inputStream.read(bArr, i5, i3 - i4);
            if (read < 0) {
                return i4 > 0 ? i4 : read;
            }
            if (SSLLogger.isAllEnabled()) {
                ByteBuffer wrap = ByteBuffer.wrap(bArr, i5, read);
                SSLLogger.dump("[Raw read]: length = ", Integer.valueOf(wrap.remaining()), wrap);
            }
            i4 += read;
        }
        return i4;
    }

    private SSLEngineResult.HandshakeStatus a(SSLEngineResult.HandshakeStatus handshakeStatus) {
        if (handshakeStatus != null) {
            return handshakeStatus;
        }
        synchronized (this) {
            if (d()) {
                return SSLEngineResult.HandshakeStatus.NEED_WRAP;
            }
            int i2 = this.t;
            if (i2 == 1) {
                return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
            }
            if (i2 != 6 || isInboundDone()) {
                return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
            }
            return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
        }
    }

    private SSLEngineResult a(EngineArgs engineArgs) throws IOException {
        SSLEngineResult.HandshakeStatus a = a((SSLEngineResult.HandshakeStatus) null);
        if (isInboundDone()) {
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, a, 0, 0);
        }
        byte[] bArr = new byte[cl_88.o];
        synchronized (this) {
            if (p() == 0 && !this.C) {
                return new SSLEngineResult(SSLEngineResult.Status.OK, a, 0, 0);
            }
            if ((p() == 0 || p() == 1) && (a = a((SSLEngineResult.HandshakeStatus) null)) == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                return new SSLEngineResult(SSLEngineResult.Status.OK, a, 0, 0);
            }
            int c2 = c(engineArgs.netData);
            SSLSessionImpl sSLSessionImpl = this.F;
            if (sSLSessionImpl != null && c2 > sSLSessionImpl.getPacketBufferSize()) {
                if (c2 > 33305) {
                    throw new SSLProtocolException("Input SSL/TLS record too big: max = 33305 len = " + c2);
                }
                this.F.j();
            }
            if (c2 - 5 > engineArgs.getAppRemaining()) {
                return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, a, 0, 0);
            }
            if (c2 != -1 && engineArgs.netData.remaining() >= c2) {
                if (p() != 0 && p() != 1) {
                    if (engineArgs.netData.remaining() == 0 || engineArgs.netData.remaining() == engineArgs.netData.capacity()) {
                        return new SSLEngineResult(SSLEngineResult.Status.OK, a(a), 0, 0);
                    }
                    int a2 = a(new ByteBufferInputStream(engineArgs.netData), bArr, 0, cl_88.o);
                    if (bArr[0] == 21) {
                        m();
                    } else {
                        long[] jArr = new long[1];
                        byte[] decryptMessage = getSspi().decryptMessage(bArr, new int[]{a2}, jArr);
                        if (jArr[0] != 0) {
                            throw new SSLException("Invalid result 0x" + Integer.toHexString((int) jArr[0]));
                        }
                        if (decryptMessage != null && SSLLogger.isAllEnabled()) {
                            SSLLogger.dump("[Raw write decrypted]: length = ", Integer.valueOf(decryptMessage.length), ByteBuffer.wrap(decryptMessage));
                        }
                        engineArgs.scatter(decryptMessage);
                    }
                    return new SSLEngineResult(isInboundDone() ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK, a(a), engineArgs.deltaNet(), engineArgs.deltaApp());
                }
                if (engineArgs.netData.remaining() != 0 && engineArgs.netData.remaining() != engineArgs.netData.capacity()) {
                    int a3 = a(new ByteBufferInputStream(engineArgs.netData), bArr, 0, cl_88.o);
                    initHandshake(bArr, a3);
                    doHandshakeStep(bArr, a3);
                    a = a((SSLEngineResult.HandshakeStatus) null);
                    if (a == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                        return new SSLEngineResult(SSLEngineResult.Status.OK, a, 0, 0);
                    }
                }
                return new SSLEngineResult(SSLEngineResult.Status.OK, a(a), 0, 0);
            }
            return new SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, a, 0, 0);
        }
    }

    private synchronized void a(int i2) {
        this.t = i2;
    }

    private static void a(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i2, int i3, boolean z2) {
        if (byteBuffer == null || byteBufferArr == null) {
            throw new IllegalArgumentException("src/dst is null");
        }
        if (i2 < 0 || i3 < 0 || i2 > byteBufferArr.length - i3) {
            throw new IndexOutOfBoundsException();
        }
        if (z2 && byteBuffer.isReadOnly()) {
            throw new ReadOnlyBufferException();
        }
        for (int i4 = i2; i4 < i2 + i3; i4++) {
            if (byteBufferArr[i4] == null) {
                throw new IllegalArgumentException("appData[" + i4 + "] == null");
            }
            if (!z2 && byteBufferArr[i4].isReadOnly()) {
                throw new ReadOnlyBufferException();
            }
        }
    }

    private void a(SSLContextImpl sSLContextImpl) {
        this.D = sSLContextImpl;
        this.F = SSLSessionImpl.a;
        this.P = this.D.b(this.C);
        this.O = this.D.a(this.C);
        this.t = 0;
        this.A = new Object();
        this.B = new Object();
        this.a = new Object();
        this.N = new LinkedList();
        this.r = false;
    }

    static void a(cl_13 cl_13Var, boolean z2) throws SSLException {
        if (cl_13Var.n < cl_13.k.n || (cl_13Var.o & 255) > (cl_13.l.o & 255)) {
            if (!z2 || cl_13Var.n != cl_13.d.n) {
                throw new SSLException("Unsupported record version " + cl_13Var);
            }
        }
    }

    private boolean a(int[] iArr, int[] iArr2, boolean z2) throws SSLException {
        try {
            this.E.getCipherInfo(iArr, iArr2);
            return true;
        } catch (Exception e2) {
            if (z2) {
                return false;
            }
            throw new SSLException(e2);
        }
    }

    private SSLEngineResult b(EngineArgs engineArgs) throws IOException {
        SSLEngineResult.HandshakeStatus a = a((SSLEngineResult.HandshakeStatus) null);
        if (isOutboundDone()) {
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, a, 0, 0);
        }
        byte[] bArr = new byte[cl_88.o];
        synchronized (this) {
            if (p() == 0) {
                if (this.C) {
                    return new SSLEngineResult(SSLEngineResult.Status.OK, a, 0, 0);
                }
                initHandshake(bArr, 0);
                doHandshakeStep(null, 0);
                a = a((SSLEngineResult.HandshakeStatus) null);
                if (a == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                    return new SSLEngineResult(SSLEngineResult.Status.OK, a, 0, 0);
                }
            }
            if (p() == 1 && engineArgs.netData.remaining() != 0 && engineArgs.netData.remaining() != engineArgs.netData.capacity()) {
                doHandshakeStep(bArr, a(new ByteBufferInputStream(engineArgs.netData), bArr, 0, cl_88.o));
                a = a((SSLEngineResult.HandshakeStatus) null);
                if (a == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                    return new SSLEngineResult(SSLEngineResult.Status.OK, a, 0, 0);
                }
            }
            if (n()) {
                return new SSLEngineResult(SSLEngineResult.Status.OK, a(d(engineArgs.netData)), 0, 0);
            }
            if (p() != 2) {
                return new SSLEngineResult(SSLEngineResult.Status.OK, a(a), 0, 0);
            }
            if (engineArgs.getAppRemaining() == 0) {
                return new SSLEngineResult(SSLEngineResult.Status.OK, a, 0, 0);
            }
            int min = Math.min(engineArgs.getAppRemaining(), 16384);
            ByteBuffer byteBuffer = engineArgs.netData;
            int position = byteBuffer.position();
            byteBuffer.limit();
            engineArgs.gather(min);
            byteBuffer.limit(byteBuffer.position());
            byteBuffer.position(position);
            if (byteBuffer.remaining() == 0 || byteBuffer.remaining() == byteBuffer.capacity()) {
                return new SSLEngineResult(SSLEngineResult.Status.OK, a(a), 0, 0);
            }
            long[] jArr = new long[1];
            byte[] encryptMessage = getSspi().encryptMessage(bArr, new int[1], new int[]{a(new ByteBufferInputStream(byteBuffer), bArr, 0, cl_88.o)}, jArr);
            if (encryptMessage != null && SSLLogger.isAllEnabled()) {
                SSLLogger.dump("[Raw write encrypted]: length = ", Integer.valueOf(encryptMessage.length), ByteBuffer.wrap(encryptMessage));
            }
            if (jArr[0] != 0) {
                throw new SSLException("Invalid result 0x" + Integer.toHexString((int) jArr[0]));
            }
            byteBuffer.limit(encryptMessage.length);
            byteBuffer.position(0);
            byteBuffer.put(encryptMessage);
            byteBuffer.limit(encryptMessage.length);
            return new SSLEngineResult(isOutboundDone() ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK, a(a), engineArgs.deltaApp(), engineArgs.deltaNet());
        }
    }

    private SSLEngineResult.HandshakeStatus d(ByteBuffer byteBuffer) throws SSLException {
        Object removeFirst = this.N.removeFirst();
        if (removeFirst == SSLEngineResult.HandshakeStatus.FINISHED) {
            return SSLEngineResult.HandshakeStatus.FINISHED;
        }
        boolean z2 = s;
        if (!z2 && !(removeFirst instanceof ByteBuffer)) {
            throw new AssertionError();
        }
        ByteBuffer byteBuffer2 = (ByteBuffer) removeFirst;
        if (!z2 && byteBuffer.remaining() < byteBuffer2.remaining()) {
            throw new AssertionError();
        }
        if (byteBuffer2.get(0) == 21) {
            m();
        }
        byteBuffer.limit(byteBuffer.position() + byteBuffer2.remaining());
        byteBuffer.put(byteBuffer2);
        if (!n()) {
            return null;
        }
        if (this.N.getFirst() != SSLEngineResult.HandshakeStatus.FINISHED) {
            return SSLEngineResult.HandshakeStatus.NEED_WRAP;
        }
        this.N.removeFirst();
        return SSLEngineResult.HandshakeStatus.FINISHED;
    }

    private void d(boolean z2) throws SSLException {
        SSLSessionImpl sSLSessionImpl;
        String str;
        SSLSessionImpl sSLSessionImpl2 = new SSLSessionImpl(this.E, this.Q, this.R, this.S, this.C ? f() : e(), g());
        this.F = sSLSessionImpl2;
        sSLSessionImpl2.a(this.K);
        this.F.b(this.I);
        this.F.a(System.currentTimeMillis());
        if (this.F.b()) {
            if (z2) {
                ((SSLSessionContextImpl) this.D.engineGetClientSessionContext()).a(this.F);
                sSLSessionImpl = this.F;
                str = "%% Cached client session: ";
            } else {
                ((SSLSessionContextImpl) this.D.engineGetServerSessionContext()).a(this.F);
                sSLSessionImpl = this.F;
                str = "%% Cached server session: ";
            }
        } else if (z2) {
            sSLSessionImpl = this.F;
            str = "%% Didn't cache non-resumable client session: ";
        } else {
            sSLSessionImpl = this.F;
            str = "%% Didn't cache non-resumable server session: ";
        }
        SSLLogger.fine(str, sSLSessionImpl);
    }

    private boolean e(boolean z2) throws SSLException {
        if (this.R != null && this.Q != null) {
            return true;
        }
        int[] iArr = new int[1];
        int[] iArr2 = new int[1];
        if (!a(iArr, iArr2, z2) || iArr2[0] == 0 || iArr[0] == 0) {
            return false;
        }
        this.R = cl_3.a(iArr2[0]);
        this.Q = cl_13.a(iArr[0]);
        SSLLogger.fine("Handshake attributes. Protocol: " + this.Q + " CipherSuite: " + this.R);
        return true;
    }

    private boolean f(boolean z2) throws SSLException {
        if (this.J != null) {
            return true;
        }
        try {
            byte[][] remoteCertificates = this.E.getRemoteCertificates();
            if (remoteCertificates != null) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append("Remote certificate chain: (length: ").append(remoteCertificates.length).append(Extension.C_BRAKE);
                this.J = new X509Certificate[remoteCertificates.length];
                CertificateFactory certificateFactory = CertificateFactory.getInstance(Constants.CF_ALG);
                for (int i2 = 0; i2 < remoteCertificates.length; i2++) {
                    this.J[i2] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(remoteCertificates[i2]));
                    stringBuffer.append(this.J[i2].toString());
                }
                SSLLogger.fine(stringBuffer.toString());
                return true;
            }
        } catch (Exception e2) {
            if (!z2) {
                throw new SSLException(e2);
            }
        }
        return false;
    }

    private boolean g(boolean z2) throws SSLException {
        int[] iArr;
        byte[] sessionInfo;
        SSLSessionImpl sSLSessionImpl;
        if (this.S != null) {
            return true;
        }
        try {
            iArr = new int[1];
            sessionInfo = this.E.getSessionInfo(iArr);
        } catch (Exception e2) {
            if (!z2) {
                throw new SSLException(e2);
            }
        }
        if (sessionInfo == null || sessionInfo.length == 0) {
            if (z2) {
                return false;
            }
            throw new SSLException("Invalid session info");
        }
        this.S = new cl_26(sessionInfo);
        SSLLogger.fine("Handshake session info. SessionID: " + Array.toHexString(this.S.b()) + " Reconnect: " + iArr[0]);
        if (!this.C && (sSLSessionImpl = this.F) != null) {
            if (sSLSessionImpl.d().equals(this.S)) {
                SSLLogger.fine("Session " + this.F + " is reused");
            } else {
                SSLLogger.fine("Client received new SessionID.");
                SSLLogger.fine("Remove session " + this.F + " with old SessionID " + Array.toHexString(this.F.d().b()) + " from cache");
                ((SSLSessionContextImpl) this.D.engineGetClientSessionContext()).a(this.F.d());
                this.F = null;
                this.M = false;
                this.J = null;
            }
        }
        return true;
    }

    private void i() throws SSLException {
        if (this.M) {
            return;
        }
        if (this.J == null) {
            a(new CertificateException("Empty server certificate chain"));
        }
        String c2 = this.F.g().c();
        X509TrustManager c3 = this.D.c();
        try {
            if (!(c3 instanceof X509ExtendedTrustManager)) {
                throw new CertificateException("Improper X509TrustManager implementation");
            }
            ((X509ExtendedTrustManager) c3).checkServerTrusted((X509Certificate[]) this.J.clone(), c2, this);
            this.M = true;
        } catch (CertificateException e2) {
            a(e2);
        }
    }

    private void j() throws SSLException {
        if (this.M) {
            return;
        }
        if (this.J == null) {
            a(new CertificateException("Empty client certificate chain"));
        }
        String c2 = this.F.g().c();
        X509TrustManager c3 = this.D.c();
        try {
            if (!(c3 instanceof X509ExtendedTrustManager)) {
                throw new CertificateException("Improper X509TrustManager implementation");
            }
            ((X509ExtendedTrustManager) c3).checkClientTrusted((X509Certificate[]) this.J.clone(), c2, this);
            this.M = true;
        } catch (CertificateException e2) {
            a(e2);
        }
    }

    private void k() throws SSLException {
        String str;
        try {
            byte[][] issuers = this.E.getIssuers();
            if (issuers != null) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append("Certificate issuers list: (count: ").append(issuers.length).append(Extension.C_BRAKE);
                this.L = new X500Principal[issuers.length];
                for (int i2 = 0; i2 < issuers.length; i2++) {
                    this.L[i2] = new X500Principal(issuers[i2]);
                    stringBuffer.append("   \n").append(this.L[i2].toString());
                }
                str = stringBuffer.toString();
            } else {
                str = "Issuers list is empty";
            }
            SSLLogger.fine(str);
        } catch (Exception e2) {
            throw new SSLException(e2);
        }
    }

    private static String l() {
        return Thread.currentThread().getName();
    }

    private void m() throws SSLException {
        SSLLogger.fine(l() + " closeInboundInternal()");
        if (this.T) {
            return;
        }
        o();
        this.T = true;
        try {
            this.E.deleteSecurityContext();
            this.t = 6;
        } catch (MSException e2) {
            throw new SSLException(e2);
        }
    }

    private boolean n() {
        return this.N.size() != 0;
    }

    private void o() {
        SSLLogger.fine(l() + " closeOutboundInternal()");
        if (isOutboundDone()) {
            return;
        }
        int i2 = this.t;
        if (i2 == 0) {
            this.U = true;
            this.T = true;
        } else if (i2 != 4 && i2 != 6) {
            c(true);
            this.U = true;
        }
        this.t = 6;
    }

    private synchronized int p() {
        return this.t;
    }

    /* JADX WARN: Removed duplicated region for block: B:60:0x010f A[Catch: Exception -> 0x0142, TryCatch #1 {Exception -> 0x0142, blocks: (B:10:0x0014, B:23:0x003b, B:26:0x004e, B:28:0x0055, B:29:0x0058, B:31:0x005e, B:34:0x006c, B:35:0x0071, B:38:0x0075, B:39:0x0092, B:42:0x0097, B:44:0x00a5, B:46:0x00a8, B:47:0x00af, B:48:0x00b0, B:51:0x00ba, B:52:0x00c7, B:58:0x0109, B:60:0x010f, B:62:0x0115, B:64:0x0119, B:66:0x011d, B:68:0x0124, B:70:0x0128, B:82:0x00df, B:84:0x00e5, B:85:0x00f3, B:86:0x0105), top: B:9:0x0014 }] */
    /* JADX WARN: Removed duplicated region for block: B:73:0x0132  */
    /* JADX WARN: Removed duplicated region for block: B:76:0x0134  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    int a(boolean r21, byte[] r22) throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 339
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.sspiSSL.SSLEngineImpl.a(boolean, byte[]):int");
    }

    void a() throws SSLException {
        if (this.I != null && this.K != null) {
            SSLLogger.fine("Server credentials were already sent.");
            return;
        }
        SSLLogger.fine("Create new server credentials.");
        this.Q = this.O.b;
        Collection b2 = this.P.b();
        int[] iArr = new int[this.P.c()];
        X509ExtendedKeyManager b3 = this.D.b();
        Iterator it = b2.iterator();
        int i2 = 0;
        while (it.hasNext()) {
            iArr[i2] = ((cl_3) it.next()).f;
            i2++;
        }
        try {
            String[] serverAliases = b3.getServerAliases("GOST3410EL", null);
            if (serverAliases == null) {
                throw new SSLException("Server container not found.");
            }
            int length = serverAliases.length;
            int i3 = 0;
            while (true) {
                if (i3 >= length) {
                    break;
                }
                String str = serverAliases[i3];
                SSLLogger.fine("Checking private key: " + str);
                X509Certificate[] certificateChain = b3.getCertificateChain(str);
                if (certificateChain != null && certificateChain.length != 0) {
                    SSLLogger.fine("Certificate chain " + str + " found.");
                    PrivateKey privateKey = b3.getPrivateKey(str);
                    if (privateKey != null) {
                        SSLLogger.fine("Private key " + str + " is available.");
                        this.K = privateKey;
                        this.I = certificateChain;
                        SSLLogger.fine("%% Chosen server alias: " + str);
                        break;
                    }
                }
                i3++;
            }
            PrivateKey privateKey2 = this.K;
            if (privateKey2 == null || this.I == null) {
                throw new SSLException("Server container not found.");
            }
            PrivateKeyInterface extractSpec = InternalGostPrivateKey.extractSpec(privateKey2);
            if (!(extractSpec instanceof AbstractKeySpec)) {
                throw new InvalidKeyException("Invalid key");
            }
            this.E.acquireCredentialsHandle(b(), iArr, this.I[0].getEncoded(), ((AbstractKeySpec) extractSpec).getKey().getProvHandle().getHandle(), ((AbstractKeySpec) extractSpec).getKeyType());
            SSLLogger.fine("Acquire server credentials done");
        } catch (Exception e2) {
            a(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void a(Throwable th) throws SSLException {
        SSLLogger.fatal(l() + ", fatal error: " + th);
        this.T = true;
        SSLSessionImpl sSLSessionImpl = this.F;
        if (sSLSessionImpl != null) {
            sSLSessionImpl.invalidate();
        }
        c();
        if (!(th instanceof SSLException)) {
            throw new SSLException(th.getCause());
        }
        throw ((SSLException) th);
    }

    void a(ByteBuffer byteBuffer) {
        this.N.addLast(byteBuffer);
    }

    void a(boolean z2) throws SSLException {
        String str;
        if (!z2 && this.I != null && this.K != null) {
            SSLLogger.fine("Client credentials were already sent.");
            return;
        }
        SSLLogger.fine("Create new client credentials.");
        this.Q = this.O.b;
        Collection b2 = this.P.b();
        int[] iArr = new int[this.P.c()];
        Iterator it = b2.iterator();
        int i2 = 0;
        while (it.hasNext()) {
            iArr[i2] = ((cl_3) it.next()).f;
            i2++;
        }
        try {
            X509ExtendedKeyManager b3 = this.D.b();
            SSLLogger.fine("Search for client containers with GOST algorithms...");
            String[] strArr = {"GOST3410EL"};
            int i3 = 0;
            boolean z3 = false;
            while (true) {
                if (i3 >= 1) {
                    break;
                }
                String[] clientAliases = b3.getClientAliases(strArr[i3], this.L);
                if (clientAliases != null) {
                    if (clientAliases.length > 1 && z2) {
                        SSLLogger.fine("Client certificate will be sent after certificate request.");
                        break;
                    }
                    int length = clientAliases.length;
                    int i4 = 0;
                    while (true) {
                        if (i4 >= length) {
                            break;
                        }
                        String str2 = clientAliases[i4];
                        SSLLogger.fine("Checking private key: " + str2);
                        X509Certificate[] certificateChain = b3.getCertificateChain(str2);
                        if (certificateChain != null && certificateChain.length != 0) {
                            SSLLogger.fine("Certificate chain " + str2 + " found.");
                            PrivateKey privateKey = b3.getPrivateKey(str2);
                            if (privateKey != null) {
                                SSLLogger.fine("Private key " + str2 + " is available.");
                                this.K = privateKey;
                                this.I = certificateChain;
                                SSLLogger.fine("%% Chosen client alias: " + str2);
                                z3 = true;
                                break;
                            }
                        }
                        i4++;
                    }
                    if (z3) {
                        break;
                    }
                } else {
                    SSLLogger.fine("Appropriate client aliases not found.");
                }
                i3++;
            }
            PrivateKey privateKey2 = this.K;
            if (privateKey2 != null && this.I != null) {
                PrivateKeyInterface extractSpec = InternalGostPrivateKey.extractSpec(privateKey2);
                if (!(extractSpec instanceof AbstractKeySpec)) {
                    throw new InvalidKeyException("Invalid key");
                }
                long handle = ((AbstractKeySpec) extractSpec).getKey().getProvHandle().getHandle();
                int keyType = ((AbstractKeySpec) extractSpec).getKeyType();
                byte[] encoded = this.I[0].getEncoded();
                if (!z2) {
                    SSLLogger.fine("Remove old credentials and session " + this.F + " from cache");
                    this.E.freeCredentialsHandle();
                    ((SSLSessionContextImpl) this.D.engineGetClientSessionContext()).a(this.S);
                    this.F = null;
                }
                this.E.acquireCredentialsHandle(b(), iArr, encoded, handle, keyType);
                str = "Acquire credentials with client certificate done";
                SSLLogger.fine(str);
            }
            SSLLogger.fine("No appropriate cert was found.");
            if (!z2) {
                SSLLogger.fine("No new credentials will be created");
                return;
            }
            this.E.acquireCredentialsHandle(b(), iArr);
            str = "Acquire credentials done";
            SSLLogger.fine(str);
        } catch (Exception e2) {
            a(e2);
        }
    }

    void a(boolean z2, byte[] bArr, int i2) throws SSLException {
        String str;
        if (z2 && this.E == null) {
            throw new SSLException("Renegotiation on non-established connection");
        }
        if (this.E == null) {
            this.F = null;
            if (i2 != 0) {
                if (i2 < 44) {
                    SSLLogger.fine("Couldn't find ClientHello");
                } else {
                    int i3 = bArr[43];
                    if (i2 >= i3 + 44) {
                        byte[] bArr2 = new byte[i3];
                        Array.copy(bArr, 44, bArr2, 0, i3);
                        SSLSessionImpl a = ((SSLSessionContextImpl) this.D.engineGetServerSessionContext()).a(bArr2);
                        this.F = a;
                        if (a != null) {
                            str = "%% Server cached " + this.F + " " + (this.F.b() ? "" : " (not rejoinable)");
                        } else {
                            str = "%% No cached server session";
                        }
                        SSLLogger.finer(str);
                        SSLSessionImpl sSLSessionImpl = this.F;
                        if (sSLSessionImpl != null && !sSLSessionImpl.b()) {
                            this.F = null;
                        }
                        SSLSessionImpl sSLSessionImpl2 = this.F;
                        if (sSLSessionImpl2 != null) {
                            this.E = sSLSessionImpl2.a();
                            this.Q = this.F.i();
                            this.J = (X509Certificate[]) this.F.getPeerCertificates();
                            this.M = true;
                            try {
                                this.E.deleteSecurityContext();
                            } catch (MSException unused) {
                                this.F = null;
                                this.J = null;
                                this.M = false;
                            }
                        }
                    }
                }
            }
            if (this.F == null) {
                Sspi sspi = new Sspi(false);
                this.E = sspi;
                sspi.setNeedClientAuth(getNeedClientAuth());
                a();
            }
        }
    }

    void a(byte[] bArr, int i2) throws SSLException {
        X509Certificate[] x509CertificateArr;
        boolean z2 = true;
        try {
            long[] jArr = new long[1];
            int[] iArr = new int[1];
            if (SSLLogger.isAllEnabled() && i2 != 0) {
                SSLLogger.dump("Client send: length = ", Integer.valueOf(i2), ByteBuffer.wrap(bArr, 0, i2));
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            long j2 = 590610;
            while (j2 == 590610) {
                iArr[0] = i2;
                byte[] acceptSecurityContext = this.E.acceptSecurityContext(false, bArr, iArr, jArr);
                j2 = jArr[0];
                int i3 = iArr[0];
                if (acceptSecurityContext != null) {
                    if (SSLLogger.isAllEnabled()) {
                        SSLLogger.dump("Server send: length = ", Integer.valueOf(acceptSecurityContext.length), ByteBuffer.wrap(acceptSecurityContext));
                    }
                    byteArrayOutputStream.write(acceptSecurityContext);
                }
                if (g(true) && e(true) && this.F == null) {
                    d(false);
                }
                f(true);
                SSLSessionImpl sSLSessionImpl = this.F;
                if (sSLSessionImpl != null && (x509CertificateArr = this.J) != null) {
                    sSLSessionImpl.a(x509CertificateArr);
                    j();
                }
                if (j2 != -2146893032 && j2 != 590624) {
                    i2 = i3;
                }
                j2 = 590610;
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayOutputStream.close();
            if (j2 != 590610 && j2 != 0) {
                throw new SSLException("Error due client handshake 0x" + Integer.toHexString((int) j2));
            }
            if (byteArray.length != 0) {
                a((ByteBuffer) ByteBuffer.allocate(byteArray.length).put(byteArray).flip());
            }
            if (j2 == 0) {
                SSLLogger.fine("Handshake was successful");
                g(false);
                e(false);
                if (getNeedClientAuth()) {
                    z2 = false;
                }
                f(z2);
                if (this.F == null) {
                    d(false);
                }
                if (getNeedClientAuth()) {
                    this.F.a(this.J);
                    j();
                }
                this.t = 2;
                this.N.addLast(SSLEngineResult.HandshakeStatus.FINISHED);
            }
        } catch (Exception e2) {
            try {
                a(e2);
            } finally {
                this.F = SSLSessionImpl.a;
            }
        }
    }

    int b() {
        int i2 = cl_13.f.n <= this.Q.n ? 0 | g : 0;
        if (cl_13.g.n <= this.Q.n) {
            i2 |= j;
        }
        if (cl_13.h.n <= this.Q.n) {
            i2 |= m;
        }
        return cl_13.i.n <= this.Q.n ? i2 | p : i2;
    }

    /* JADX WARN: Code restructure failed: missing block: B:64:0x012c, code lost:
    
        k();
        a(false);
     */
    /* JADX WARN: Code restructure failed: missing block: B:71:0x00d4, code lost:
    
        if (ru.CryptoPro.ssl.SSLLogger.isAllEnabled() == false) goto L48;
     */
    /* JADX WARN: Code restructure failed: missing block: B:72:0x00d6, code lost:
    
        ru.CryptoPro.ssl.SSLLogger.dump("Client send: length = ", java.lang.Integer.valueOf(r3.length), java.nio.ByteBuffer.wrap(r3));
     */
    /* JADX WARN: Code restructure failed: missing block: B:73:0x00e4, code lost:
    
        r22.q.getSockOutput().write(r3);
        r22.q.getSockOutput().flush();
     */
    /* JADX WARN: Removed duplicated region for block: B:57:0x0125 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:66:0x0121 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    int b(boolean r23, byte[] r24) throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 332
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.sspiSSL.SSLEngineImpl.b(boolean, byte[]):int");
    }

    synchronized void b(ByteBuffer byteBuffer) throws IOException {
        if (this.U) {
            throw new IOException("Write side already closed");
        }
        this.N.addLast(byteBuffer);
    }

    void b(boolean z2) throws SSLException {
        String str;
        if (z2) {
            if (this.E == null) {
                throw new SSLException("Renegotiation on non-established connection");
            }
            return;
        }
        SSLSessionImpl a = ((SSLSessionContextImpl) this.D.engineGetClientSessionContext()).a(e(), g());
        this.F = a;
        if (a != null) {
            str = "%% Client cached " + this.F + " " + (this.F.b() ? "" : " (not rejoinable)");
        } else {
            str = "%% No cached client session";
        }
        SSLLogger.finer(str);
        SSLSessionImpl sSLSessionImpl = this.F;
        if (sSLSessionImpl != null && !sSLSessionImpl.b()) {
            this.F = null;
        }
        SSLSessionImpl sSLSessionImpl2 = this.F;
        boolean z3 = false;
        if (sSLSessionImpl2 != null) {
            this.E = sSLSessionImpl2.a();
            this.Q = this.F.i();
            this.J = (X509Certificate[]) this.F.getPeerCertificates();
            this.M = true;
            try {
                this.E.deleteSecurityContext();
            } catch (MSException unused) {
                this.F = null;
                this.J = null;
                this.M = false;
            }
        }
        if (this.F == null) {
            X509TrustManager c2 = this.D.c();
            if ((c2 instanceof cl_28) && ((cl_28) c2).a().equalsIgnoreCase(ru.CryptoPro.sspiSSL.pc_2.cl_5.j)) {
                z3 = true;
            }
            Sspi sspi = new Sspi(true);
            this.E = sspi;
            sspi.setUseCSPValidation(z3);
            a(true);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:35:0x0099, code lost:
    
        if (ru.CryptoPro.ssl.SSLLogger.isAllEnabled() == false) goto L36;
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x009b, code lost:
    
        ru.CryptoPro.ssl.SSLLogger.dump("Client send: length = ", java.lang.Integer.valueOf(r11.length), java.nio.ByteBuffer.wrap(r11));
     */
    /* JADX WARN: Code restructure failed: missing block: B:37:0x00a9, code lost:
    
        a((java.nio.ByteBuffer) java.nio.ByteBuffer.allocate(r11.length).put(r11).flip());
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    void b(byte[] r11, int r12) throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 248
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.sspiSSL.SSLEngineImpl.b(byte[], int):void");
    }

    @Override // javax.net.ssl.SSLEngine
    public void beginHandshake() throws SSLException {
        if (this.t == 0) {
            this.t = 1;
            if (!this.C) {
                b(false, (byte[]) null);
            } else if (this.q != null) {
                a(false, (byte[]) null);
            } else {
                a(false, (byte[]) null, 0);
            }
        }
    }

    int c(ByteBuffer byteBuffer) throws SSLException {
        if (byteBuffer.remaining() < 5) {
            return -1;
        }
        int position = byteBuffer.position();
        byte b2 = byteBuffer.get(position);
        if (this.r || b2 == 22 || b2 == 21) {
            a(cl_13.a(byteBuffer.get(position + 1), byteBuffer.get(position + 2)), false);
            this.r = true;
            return 5 + ((byteBuffer.get(position + 3) & 255) << 8) + (byteBuffer.get(position + 4) & 255);
        }
        boolean z2 = (b2 & 128) != 0;
        if (z2) {
            int i2 = position + 2;
            if (byteBuffer.get(i2) == 1 || byteBuffer.get(i2) == 4) {
                a(cl_13.a(byteBuffer.get(position + 3), byteBuffer.get(position + 4)), true);
                return (((z2 ? Byte.MAX_VALUE : Utf8.REPLACEMENT_BYTE) & b2) << 8) + (byteBuffer.get(position + 1) & 255) + (z2 ? 2 : 3);
            }
        }
        throw new SSLException("Unrecognized SSL message, plaintext connection?");
    }

    void c() {
        Sspi sspi = this.E;
        if (sspi != null) {
            try {
                sspi.close();
            } catch (MSException e2) {
                SSLLogger.warning("Error during closing sspi: " + e2.getMessage());
            }
        }
        this.E = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void c(boolean z2) {
        int i2 = this.t;
        if (i2 >= 6) {
            return;
        }
        if (i2 == 1 && this.E == null) {
            return;
        }
        long[] jArr = new long[1];
        try {
            byte[] acceptSecurityContext = this.C ? this.E.acceptSecurityContext(true, null, null, jArr) : this.E.initializeSecurityContext(e(), true, false, null, null, jArr);
            long j2 = jArr[0];
            if (j2 != 0) {
                throw new SSLException("Error due send close notify 0x" + Integer.toHexString((int) j2));
            }
            SSLLogger.fine(this.C ? "Server" : "Client  close_notify was successful");
            if (acceptSecurityContext != null) {
                if (SSLLogger.isAllEnabled()) {
                    SSLLogger.dump("Send close notify: length = ", Integer.valueOf(acceptSecurityContext.length), ByteBuffer.wrap(acceptSecurityContext));
                }
                if (z2) {
                    a((ByteBuffer) ByteBuffer.allocate(acceptSecurityContext.length).put(acceptSecurityContext).flip());
                } else {
                    this.q.getSockOutput().write(acceptSecurityContext);
                    this.q.getSockOutput().flush();
                }
            }
        } catch (Exception e2) {
            SSLLogger.thrown(e2);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void closeInbound() throws SSLException {
        SSLLogger.fine(l() + " called closeInbound()");
        m();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeOutbound() {
        SSLLogger.fine(l() + " called closeOutbound()");
        o();
    }

    synchronized boolean d() {
        return n();
    }

    public void doHandshakeStep(byte[] bArr, int i2) throws SSLException {
        if (this.C) {
            a(bArr, i2);
        } else {
            b(bArr, i2);
        }
    }

    String e() {
        SSLSocketImpl sSLSocketImpl = this.q;
        return sSLSocketImpl != null ? sSLSocketImpl.d() : getPeerHost();
    }

    String f() {
        SSLSocketImpl sSLSocketImpl = this.q;
        return sSLSocketImpl != null ? sSLSocketImpl.getInetAddress().getHostAddress() : getPeerHost();
    }

    int g() {
        SSLSocketImpl sSLSocketImpl = this.q;
        return sSLSocketImpl != null ? sSLSocketImpl.getPort() : getPeerPort();
    }

    @Override // javax.net.ssl.SSLEngine
    public Runnable getDelegatedTask() {
        return null;
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getEnableSessionCreation() {
        return this.H;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String[] getEnabledCipherSuites() {
        return this.P.d();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledProtocols() {
        return this.O.b();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLSession getHandshakeSession() {
        return this.F;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        return a((SSLEngineResult.HandshakeStatus) null);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getNeedClientAuth() {
        return this.G == 2;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getSession() {
        return this.F;
    }

    public SSLSocketImpl getSocketImpl() {
        return this.q;
    }

    public Sspi getSspi() {
        return this.E;
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedCipherSuites() {
        return this.D.h().d();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedProtocols() {
        return this.D.g().b();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getUseClientMode() {
        return !this.C;
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getWantClientAuth() {
        return this.G == 1;
    }

    int h() {
        SSLSocketImpl sSLSocketImpl = this.q;
        if (sSLSocketImpl != null) {
            return sSLSocketImpl.getLocalPort();
        }
        return -1;
    }

    public void initHandshake(byte[] bArr, int i2) throws SSLException {
        if (this.t == 0) {
            if (this.C) {
                a(false, bArr, i2);
            } else {
                b(false);
            }
            this.t = 1;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean isInboundDone() {
        return this.T;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isOutboundDone() {
        boolean z2;
        if (this.U) {
            z2 = n() ? false : true;
        }
        return z2;
    }

    public int renegotiation(byte[] bArr) throws SSLException {
        this.t = 3;
        return this.C ? a(true, bArr) : b(true, bArr);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnableSessionCreation(boolean z2) {
        this.H = z2;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledCipherSuites(String[] strArr) {
        this.P = new cl_4(strArr);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledProtocols(String[] strArr) {
        this.O = new cl_12(strArr);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setNeedClientAuth(boolean z2) {
        this.G = z2 ? (byte) 2 : (byte) 0;
    }

    public void setSocketImpl(SSLSocketImpl sSLSocketImpl) throws IOException {
        this.q = sSLSocketImpl;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setUseClientMode(boolean z2) {
        this.C = !z2;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setWantClientAuth(boolean z2) {
        this.G = z2 ? (byte) 1 : (byte) 0;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i2, int i3) throws SSLException {
        SSLEngineResult a;
        a(byteBuffer, byteBufferArr, i2, i3, false);
        EngineArgs engineArgs = new EngineArgs(byteBuffer, byteBufferArr, i2, i3);
        try {
            synchronized (this.B) {
                a = a(engineArgs);
            }
            return a;
        } catch (Exception e2) {
            a(e2);
            return null;
        } finally {
            engineArgs.resetLim();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i2, int i3, ByteBuffer byteBuffer) throws SSLException {
        SSLEngineResult b2;
        a(byteBuffer, byteBufferArr, i2, i3, true);
        EngineArgs engineArgs = new EngineArgs(byteBufferArr, i2, i3, byteBuffer);
        if (byteBuffer.remaining() < 16921) {
            return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, a((SSLEngineResult.HandshakeStatus) null), 0, 0);
        }
        try {
            synchronized (this.A) {
                b2 = b(engineArgs);
            }
            return b2;
        } catch (Exception e2) {
            engineArgs.resetPos();
            a(e2);
            return null;
        }
    }
}
