package com.sec.sf.httpsdk;

import com.sec.sf.logger.SfLogLevel;
import java.io.IOException;
import java.io.InputStream;
import java.io.InterruptedIOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLSession;

/* loaded from: classes2.dex */
public class SfSSLTunnel extends SfDataTunnelWrapper {
    InetSocketAddress address;
    InputStream in;
    OutputStream out;
    ReadWriteBuffer readFromSSL;
    ReadWriteBuffer readFromSrc;
    InputStream srcIn;
    OutputStream srcOut;
    SSLContext sslContext;
    SSLEngine sslEngine;
    ReadWriteBuffer writeToSSL;
    ByteBuffer writeToSrc;
    Object readLock = new Object();
    Object writeLock = new Object();

    /* loaded from: classes2.dex */
    class SSLInputStream extends InputStream {
        SSLInputStream() {
        }

        @Override // java.io.InputStream, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            SfSSLTunnel.this.sslCloseIn();
        }

        @Override // java.io.InputStream
        public int read() throws IOException {
            int read;
            byte[] bArr = new byte[1];
            do {
                read = read(bArr, 0, 1);
                if (read == -1) {
                    return -1;
                }
            } while (read != 1);
            return bArr[0] & 255;
        }

        @Override // java.io.InputStream
        public int read(byte[] bArr) throws IOException {
            return read(bArr, 0, bArr.length);
        }

        @Override // java.io.InputStream
        public int read(byte[] bArr, int i, int i2) throws IOException {
            return SfSSLTunnel.this.sslRead(bArr, i, i2);
        }
    }

    /* loaded from: classes2.dex */
    class SSLOutputStream extends OutputStream {
        SSLOutputStream() {
        }

        @Override // java.io.OutputStream, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            SfSSLTunnel.this.sslCloseOut();
        }

        @Override // java.io.OutputStream, java.io.Flushable
        public void flush() throws IOException {
            SfSSLTunnel.this.sslFlush(true);
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
            write(new byte[]{(byte) (i & 255)}, 0, 1);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr) throws IOException {
            write(bArr, 0, bArr.length);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            SfSSLTunnel.this.sslWrite(bArr, i, i2);
        }
    }

    public SfSSLTunnel(InetSocketAddress inetSocketAddress) throws IOException {
        this.address = inetSocketAddress;
        try {
            this.sslContext = SSLContext.getDefault();
            this.sslEngine = this.sslContext.createSSLEngine(inetSocketAddress.getHostString(), inetSocketAddress.getPort());
            LinkedList linkedList = new LinkedList(Arrays.asList(this.sslEngine.getSupportedCipherSuites()));
            Iterator it = linkedList.iterator();
            while (it.hasNext()) {
                String upperCase = ((String) it.next()).toUpperCase();
                if (upperCase.contains("_RC4_") || upperCase.contains("_ANON_") || upperCase.endsWith("_WITH_NULL_SHA") || upperCase.endsWith("_WITH_NULL_SHA256") || upperCase.endsWith("_WITH_NULL_MD5") || upperCase.endsWith("_WITH_DES_CBC_SHA") || upperCase.endsWith("_WITH_DES40_CBC_SHA")) {
                    it.remove();
                }
            }
            this.sslEngine.setEnabledCipherSuites((String[]) linkedList.toArray(new String[linkedList.size()]));
            this.sslEngine.setUseClientMode(true);
            this.sslEngine.beginHandshake();
            SSLSession session = this.sslEngine.getSession();
            this.readFromSSL = new ReadWriteBuffer(session.getApplicationBufferSize());
            this.writeToSSL = new ReadWriteBuffer(session.getApplicationBufferSize());
            this.readFromSrc = new ReadWriteBuffer(session.getPacketBufferSize());
            this.writeToSrc = ByteBuffer.allocate(session.getPacketBufferSize());
        } catch (NoSuchAlgorithmException e) {
            throw ((IOException) new IOException("SSL algorithm not available").initCause(e));
        }
    }

    static boolean needsHandshakeAction(SSLEngineResult.HandshakeStatus handshakeStatus) {
        return (SSLEngineResult.HandshakeStatus.FINISHED == handshakeStatus || SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING == handshakeStatus) ? false : true;
    }

    @Override // com.sec.sf.httpsdk.SfDataTunnelWrapper
    public void doClose() {
        if (this.sslEngine != null) {
            try {
                this.sslEngine.closeInbound();
            } catch (Exception e) {
            }
            try {
                this.sslEngine.closeOutbound();
            } catch (Exception e2) {
            }
        }
        try {
            sslFlush(true);
        } catch (Exception e3) {
        }
    }

    @Override // com.sec.sf.httpsdk.SfDataTunnelWrapper
    public void doConnect() throws IOException {
        this.srcIn = this.source.getInputStream();
        if (this.srcIn == null) {
            throw new IOException("No input source stream");
        }
        this.srcOut = this.source.getOutputStream();
        if (this.srcOut == null) {
            throw new IOException("No output source stream");
        }
        this.in = new SSLInputStream();
        this.out = new SSLOutputStream();
        handleHandshake();
    }

    @Override // com.sec.sf.httpsdk.SfDataTunnelWrapper, com.sec.sf.httpsdk.SfDataTunnel
    public InputStream getInputStream() {
        return this.in;
    }

    @Override // com.sec.sf.httpsdk.SfDataTunnelWrapper, com.sec.sf.httpsdk.SfDataTunnel
    public OutputStream getOutputStream() {
        return this.out;
    }

    protected void handleHandshake() throws IOException {
        if (this.sslEngine == null) {
            throw new IllegalStateException("SSLEngine not instantiated");
        }
        do {
            SSLEngineResult.HandshakeStatus handshakeStatus = this.sslEngine.getHandshakeStatus();
            if (!needsHandshakeAction(handshakeStatus)) {
                return;
            }
            if (SSLEngineResult.HandshakeStatus.NEED_TASK == handshakeStatus) {
                sslTask();
            } else if (SSLEngineResult.HandshakeStatus.NEED_WRAP == handshakeStatus) {
                sslWrap(true, true);
            } else if (SSLEngineResult.HandshakeStatus.NEED_UNWRAP == handshakeStatus) {
                sslUnwrap(true);
            }
        } while (!Thread.currentThread().isInterrupted());
        throw new InterruptedIOException("Interrupted during SSL handshake");
    }

    protected void readSrc() throws IOException {
        int remainingWrite = this.readFromSrc.remainingWrite();
        if (remainingWrite > 0) {
            byte[] bArr = new byte[remainingWrite];
            int read = this.srcIn.read(bArr, 0, remainingWrite);
            if (read == -1) {
                throw new IOException("EOF");
            }
            if (read > 0) {
                this.readFromSrc.write(bArr, 0, read);
            }
        }
    }

    protected void sslCloseIn() throws IOException {
        this.sslEngine.closeInbound();
        sslFlush(true);
    }

    protected void sslCloseOut() throws IOException {
        this.sslEngine.closeOutbound();
        sslFlush(true);
    }

    protected void sslFlush(boolean z) throws IOException {
        synchronized (this.writeLock) {
            sslWrap(false, z);
        }
    }

    protected int sslRead(byte[] bArr, int i, int i2) throws IOException {
        int read;
        synchronized (this.readLock) {
            while (true) {
                if (this.readFromSSL.remainingRead() != 0) {
                    read = this.readFromSSL.read(bArr, i, i2);
                    break;
                }
                if (Thread.currentThread().isInterrupted()) {
                    throw new InterruptedIOException("Interrupted during SSL read");
                }
                if (this.sslEngine.isInboundDone()) {
                    read = -1;
                    break;
                }
                sslUnwrap(false);
            }
        }
        return read;
    }

    protected void sslTask() throws IOException {
        if (this.sslEngine == null) {
            throw new IllegalStateException("SSLEngine not instantiated");
        }
        Runnable delegatedTask = this.sslEngine.getDelegatedTask();
        if (delegatedTask != null) {
            delegatedTask.run();
        }
    }

    protected void sslUnwrap(boolean z) throws IOException {
        synchronized (this.readLock) {
            if (this.sslEngine != null) {
                int applicationBufferSize = this.sslEngine.getSession().getApplicationBufferSize();
                if (this.readFromSSL.capacity() > applicationBufferSize && this.readFromSSL.remainingRead() < applicationBufferSize) {
                    this.readFromSSL.resize(applicationBufferSize);
                    SfHttpSDK.GetLogger().Log(getClass(), SfLogLevel.WARNING, this + " : SSL unwrap buffer shrink back to Application Data Size");
                }
                if (this.readFromSSL.remainingRead() == 0) {
                }
                while (true) {
                    if (this.sslEngine.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_UNWRAP && this.readFromSSL.remainingRead() != 0) {
                        break;
                    }
                    if (!Thread.currentThread().isInterrupted()) {
                        if (this.readFromSrc.remainingRead() != 0) {
                            SfHttpSDK.GetLogger().Log(getClass(), SfLogLevel.TRACE, this + " : sslUnwrap (available from network: " + this.readFromSrc.remainingRead() + " bytes, buffer free space: " + this.readFromSSL.remainingWrite() + " of " + this.readFromSSL.capacity() + " bytes)");
                            SSLEngineResult unwrap = this.sslEngine.unwrap(this.readFromSrc.getReadBuffer(), this.readFromSSL.getWriteBuffers());
                            if (SSLEngineResult.Status.BUFFER_UNDERFLOW != unwrap.getStatus()) {
                                if (SSLEngineResult.Status.BUFFER_OVERFLOW != unwrap.getStatus()) {
                                    if (SSLEngineResult.Status.CLOSED == unwrap.getStatus()) {
                                        break;
                                    } else if (SSLEngineResult.Status.OK == unwrap.getStatus()) {
                                        SfHttpSDK.GetLogger().Log(getClass(), SfLogLevel.DEBUG, this + " : Unwrapped " + unwrap.bytesProduced() + " data bytes from " + unwrap.bytesConsumed() + " bytes");
                                        break;
                                    }
                                } else {
                                    SfHttpSDK.GetLogger().Log(getClass(), SfLogLevel.WARNING, this + " : unwrap buffer overflow");
                                    int applicationBufferSize2 = this.sslEngine.getSession().getApplicationBufferSize();
                                    int i = applicationBufferSize2;
                                    if (this.readFromSSL.remainingRead() > 0) {
                                        SfHttpSDK.GetLogger().Log(getClass(), SfLogLevel.WARNING, this + " : unwrap buffer contains data, need to grow buffer size.");
                                        i += this.readFromSSL.remainingRead();
                                    }
                                    if (this.readFromSSL.capacity() >= i) {
                                        SfHttpSDK.GetLogger().Log(getClass(), SfLogLevel.ERROR, this + " : SSL implementation is horribly wrong, it requires more free space in buffer, than ApplicationBufferSize which is " + applicationBufferSize2 + "!");
                                        i = this.readFromSSL.capacity() + 4096;
                                    }
                                    this.readFromSSL.resize(i);
                                }
                            } else {
                                readSrc();
                            }
                        } else {
                            readSrc();
                        }
                    } else {
                        throw new InterruptedIOException("Interrupted during SSL unwrap");
                    }
                }
            } else {
                throw new IllegalStateException("SSLEngine not instantiated");
            }
        }
        if (z || !needsHandshakeAction(this.sslEngine.getHandshakeStatus())) {
            return;
        }
        handleHandshake();
    }

    protected void sslWrap(boolean z, boolean z2) throws IOException {
        synchronized (this.writeLock) {
            if (this.sslEngine != null) {
                boolean z3 = false;
                while (true) {
                    if (this.writeToSSL.remainingRead() <= 0 && this.sslEngine.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                        break;
                    }
                    if (!Thread.currentThread().isInterrupted()) {
                        SfHttpSDK.GetLogger().Log(getClass(), SfLogLevel.TRACE, this + " : sslWrap (data to wrap: " + this.writeToSSL.remainingRead() + " bytes)");
                        this.writeToSrc.clear();
                        SSLEngineResult wrap = this.sslEngine.wrap(this.writeToSSL.getReadBuffers(), this.writeToSrc);
                        SfHttpSDK.GetLogger().Log(getClass(), SfLogLevel.DEBUG, this + " : Wrapped " + wrap.bytesConsumed() + " data bytes to " + wrap.bytesProduced() + " bytes");
                        if (this.writeToSrc.position() > 0) {
                            this.writeToSrc.flip();
                            byte[] bArr = new byte[this.writeToSrc.remaining()];
                            this.writeToSrc.get(bArr);
                            this.writeToSrc.clear();
                            this.srcOut.write(bArr, 0, bArr.length);
                            this.srcOut.flush();
                        }
                        if (SSLEngineResult.Status.CLOSED != wrap.getStatus()) {
                            if (SSLEngineResult.Status.BUFFER_UNDERFLOW != wrap.getStatus()) {
                                if (SSLEngineResult.Status.BUFFER_OVERFLOW != wrap.getStatus()) {
                                    z3 = z3 || wrap.bytesConsumed() > 0;
                                    if (!z2 && z3) {
                                        break;
                                    }
                                } else {
                                    int packetBufferSize = this.sslEngine.getSession().getPacketBufferSize();
                                    if (packetBufferSize > this.writeToSrc.capacity()) {
                                        this.writeToSrc = ByteBuffer.allocate(packetBufferSize);
                                    } else {
                                        SfHttpSDK.GetLogger().Log(getClass(), SfLogLevel.ERROR, this + " : SSL implementation is horribly wrong, it requires more output buffer capacity, than " + this.writeToSrc.capacity() + " (PacketBufferSize = " + packetBufferSize + ").");
                                        this.writeToSrc = ByteBuffer.allocate(this.writeToSrc.capacity() + 4096);
                                    }
                                }
                            } else {
                                SfHttpSDK.GetLogger().Log(getClass(), SfLogLevel.ERROR, this + " : SSL implementation is strange, it requires more application data than we are ready to send.");
                                break;
                            }
                        } else {
                            throw new IOException("Closed");
                        }
                    } else {
                        throw new InterruptedIOException("Interrupted during SSL wrap");
                    }
                }
            } else {
                throw new IllegalStateException("SSLEngine not instantiated");
            }
        }
        if (z || !needsHandshakeAction(this.sslEngine.getHandshakeStatus())) {
            return;
        }
        handleHandshake();
    }

    protected void sslWrite(byte[] bArr, int i, int i2) throws IOException {
        synchronized (this.writeLock) {
            while (i2 > 0) {
                if (Thread.currentThread().isInterrupted()) {
                    throw new InterruptedIOException("Interrupted during SSL write");
                }
                int remainingWrite = this.writeToSSL.remainingWrite();
                if (remainingWrite == 0) {
                    sslFlush(false);
                } else {
                    if (remainingWrite > i2) {
                        remainingWrite = i2;
                    }
                    this.writeToSSL.write(bArr, i, remainingWrite);
                    i += remainingWrite;
                    i2 -= remainingWrite;
                }
            }
        }
    }

    @Override // com.sec.sf.httpsdk.SfDataTunnelWrapper
    public String toString() {
        return "SSL(" + this.address + ")";
    }

    @Override // com.sec.sf.httpsdk.SfDataTunnelWrapper
    public SfSSLTunnel wrap(SfDataTunnel sfDataTunnel) {
        super.wrap(sfDataTunnel);
        return this;
    }
}
