package org.bouncycastle.jsse.provider;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.tls.TlsClientProtocol;
import org.bouncycastle.tls.TlsProtocol;
import org.bouncycastle.tls.TlsServerProtocol;

/* loaded from: input_file:lib/bctls-jdk15on-156.jar:org/bouncycastle/jsse/provider/ProvSSLEngine.class */
class ProvSSLEngine extends SSLEngine implements ProvTlsManager {
    protected final ProvSSLContextSpi context;
    protected final ContextData contextData;
    protected ProvSSLParameters sslParameters;
    protected boolean enableSessionCreation;
    protected boolean useClientMode;
    protected boolean initialHandshakeBegun;
    protected SSLEngineResult.HandshakeStatus handshakeStatus;
    protected TlsProtocol protocol;
    protected ProvTlsPeer protocolPeer;
    protected SSLSession session;
    protected SSLSession handshakeSession;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: protected */
    public ProvSSLEngine(ProvSSLContextSpi provSSLContextSpi, ContextData contextData) {
        this.enableSessionCreation = false;
        this.useClientMode = true;
        this.initialHandshakeBegun = false;
        this.handshakeStatus = SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        this.protocol = null;
        this.protocolPeer = null;
        this.session = ProvSSLSession.NULL_SESSION;
        this.handshakeSession = null;
        this.context = provSSLContextSpi;
        this.contextData = contextData;
        this.sslParameters = ProvSSLParameters.extractDefaultParameters(provSSLContextSpi);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ProvSSLEngine(ProvSSLContextSpi provSSLContextSpi, ContextData contextData, String str, int i) {
        super(str, i);
        this.enableSessionCreation = false;
        this.useClientMode = true;
        this.initialHandshakeBegun = false;
        this.handshakeStatus = SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        this.protocol = null;
        this.protocolPeer = null;
        this.session = ProvSSLSession.NULL_SESSION;
        this.handshakeSession = null;
        this.context = provSSLContextSpi;
        this.contextData = contextData;
        this.sslParameters = ProvSSLParameters.extractDefaultParameters(provSSLContextSpi);
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsManager
    public ProvSSLContextSpi getContext() {
        return this.context;
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsManager
    public ContextData getContextData() {
        return this.contextData;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void beginHandshake() throws SSLException {
        if (this.initialHandshakeBegun) {
            throw new UnsupportedOperationException("Renegotiation not supported");
        }
        this.initialHandshakeBegun = true;
        try {
            if (this.useClientMode) {
                TlsClientProtocol tlsClientProtocol = new TlsClientProtocol();
                this.protocol = tlsClientProtocol;
                ProvTlsClient provTlsClient = new ProvTlsClient(this);
                this.protocolPeer = provTlsClient;
                tlsClientProtocol.connect(provTlsClient);
            } else {
                TlsServerProtocol tlsServerProtocol = new TlsServerProtocol();
                this.protocol = tlsServerProtocol;
                ProvTlsServer provTlsServer = new ProvTlsServer(this);
                this.protocolPeer = provTlsServer;
                tlsServerProtocol.accept(provTlsServer);
            }
            determineHandshakeStatus();
        } catch (IOException e) {
            throw new SSLException(e);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeInbound() throws SSLException {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeOutbound() {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized Runnable getDelegatedTask() {
        return null;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String[] getEnabledCipherSuites() {
        return this.sslParameters.getCipherSuites();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String[] getEnabledProtocols() {
        return this.sslParameters.getProtocols();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getEnableSessionCreation() {
        return this.enableSessionCreation;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLSession getHandshakeSession() {
        return this.handshakeSession;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        return this.handshakeStatus;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getNeedClientAuth() {
        return this.sslParameters.getNeedClientAuth();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLSession getSession() {
        return this.session;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLParameters getSSLParameters() {
        return SSLParametersUtil.toSSLParameters(this.sslParameters);
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsManager
    public synchronized ProvSSLParameters getProvSSLParameters() {
        return this.sslParameters;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String[] getSupportedCipherSuites() {
        return this.context.getSupportedCipherSuites();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String[] getSupportedProtocols() {
        return this.context.getSupportedProtocols();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getUseClientMode() {
        return this.useClientMode;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getWantClientAuth() {
        return this.sslParameters.getWantClientAuth();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isInboundDone() {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isOutboundDone() {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setEnabledCipherSuites(String[] strArr) {
        if (!this.context.isSupportedCipherSuites(strArr)) {
            throw new IllegalArgumentException("'suites' cannot be null, or contain unsupported cipher suites");
        }
        this.sslParameters.setCipherSuites(strArr);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setEnabledProtocols(String[] strArr) {
        if (!this.context.isSupportedProtocols(strArr)) {
            throw new IllegalArgumentException("'protocols' cannot be null, or contain unsupported protocols");
        }
        this.sslParameters.setProtocols(strArr);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setEnableSessionCreation(boolean z) {
        this.enableSessionCreation = z;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setNeedClientAuth(boolean z) {
        this.sslParameters.setNeedClientAuth(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setSSLParameters(SSLParameters sSLParameters) {
        this.sslParameters = SSLParametersUtil.toProvSSLParameters(sSLParameters);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setUseClientMode(boolean z) {
        if (this.initialHandshakeBegun && z != this.useClientMode) {
            throw new IllegalArgumentException("Mode cannot be changed after the initial handshake has begun");
        }
        this.useClientMode = z;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setWantClientAuth(boolean z) {
        this.sslParameters.setWantClientAuth(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws SSLException {
        if (!this.initialHandshakeBegun) {
            beginHandshake();
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = this.handshakeStatus;
        int i3 = 0;
        int i4 = 0;
        if (!this.protocol.isClosed()) {
            byte[] bArr = new byte[byteBuffer.remaining()];
            byteBuffer.get(bArr);
            try {
                this.protocol.offerInput(bArr);
                i3 = 0 + bArr.length;
            } catch (IOException e) {
                throw new SSLException(e);
            }
        }
        int availableInputBytes = this.protocol.getAvailableInputBytes();
        for (int i5 = 0; i5 < i2 && availableInputBytes > 0; i5++) {
            ByteBuffer byteBuffer2 = byteBufferArr[i5];
            int min = Math.min(byteBuffer2.remaining(), availableInputBytes);
            byte[] bArr2 = new byte[min];
            int readInput = this.protocol.readInput(bArr2, 0, min);
            if (!$assertionsDisabled && readInput != min) {
                throw new AssertionError();
            }
            byteBuffer2.put(bArr2);
            i4 += min;
            availableInputBytes -= min;
        }
        SSLEngineResult.Status status = SSLEngineResult.Status.OK;
        if (availableInputBytes > 0) {
            status = SSLEngineResult.Status.BUFFER_OVERFLOW;
        } else if (this.protocol.isClosed()) {
            status = SSLEngineResult.Status.CLOSED;
        }
        determineHandshakeStatus();
        SSLEngineResult.HandshakeStatus handshakeStatus2 = this.handshakeStatus;
        if (this.handshakeStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING && handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
            handshakeStatus2 = SSLEngineResult.HandshakeStatus.FINISHED;
        }
        return new SSLEngineResult(status, handshakeStatus2, i3, i4);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) throws SSLException {
        throw new UnsupportedOperationException();
    }

    protected void determineHandshakeStatus() {
        if (!this.initialHandshakeBegun || this.protocolPeer.isHandshakeComplete()) {
            this.handshakeStatus = SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
            return;
        }
        if (this.protocol.getAvailableOutputBytes() > 0) {
            this.handshakeStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
        } else if (this.protocol.isClosed()) {
            this.handshakeStatus = SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        } else {
            this.handshakeStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
        }
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsManager
    public boolean isClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        X509TrustManager trustManager = this.contextData.getTrustManager();
        if (trustManager == null) {
            return false;
        }
        try {
            trustManager.checkClientTrusted(x509CertificateArr, str);
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsManager
    public boolean isServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        X509TrustManager trustManager = this.contextData.getTrustManager();
        if (trustManager == null) {
            return false;
        }
        try {
            trustManager.checkServerTrusted(x509CertificateArr, str);
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsManager
    public synchronized void notifyHandshakeComplete(SSLSession sSLSession) {
        this.session = sSLSession;
    }

    static {
        $assertionsDisabled = !ProvSSLEngine.class.desiredAssertionStatus();
    }
}
