package org.bouncycastle.jsse.provider;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateParsingException;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLPermission;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionBindingEvent;
import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSessionContext;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.CertificateEncodingException;
import javax.security.cert.CertificateException;
import javax.security.cert.CertificateExpiredException;
import javax.security.cert.CertificateNotYetValidException;
import javax.security.cert.X509Certificate;
import org.bouncycastle.jsse.BCExtendedSSLSession;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public abstract class ProvSSLSessionBase extends BCExtendedSSLSession {
    protected final long creationTime;
    protected final JcaTlsCrypto crypto;
    protected final SSLSession exportSSLSession;
    protected final boolean isFips;
    protected final AtomicLong lastAccessedTime;
    protected final String peerHost;
    protected final int peerPort;
    protected final AtomicReference<ProvSSLSessionContext> sslSessionContext;
    protected final Map<String, Object> valueMap = Collections.synchronizedMap(new HashMap());

    /* loaded from: classes5.dex */
    private static class X509CertificateWrapper extends X509Certificate {

        /* renamed from: c, reason: collision with root package name */
        private final java.security.cert.X509Certificate f937c;

        private X509CertificateWrapper(java.security.cert.X509Certificate x509Certificate) {
            this.f937c = x509Certificate;
        }

        @Override // javax.security.cert.X509Certificate
        public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
            try {
                this.f937c.checkValidity();
            } catch (java.security.cert.CertificateExpiredException e2) {
                throw new CertificateExpiredException(e2.getMessage());
            } catch (java.security.cert.CertificateNotYetValidException e3) {
                throw new CertificateNotYetValidException(e3.getMessage());
            }
        }

        @Override // javax.security.cert.X509Certificate
        public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
            try {
                this.f937c.checkValidity(date);
            } catch (java.security.cert.CertificateExpiredException e2) {
                throw new CertificateExpiredException(e2.getMessage());
            } catch (java.security.cert.CertificateNotYetValidException e3) {
                throw new CertificateNotYetValidException(e3.getMessage());
            }
        }

        @Override // javax.security.cert.Certificate
        public byte[] getEncoded() throws CertificateEncodingException {
            try {
                return this.f937c.getEncoded();
            } catch (java.security.cert.CertificateEncodingException e2) {
                throw new CertificateEncodingException(e2.getMessage());
            }
        }

        @Override // javax.security.cert.X509Certificate
        public Principal getIssuerDN() {
            return this.f937c.getIssuerX500Principal();
        }

        @Override // javax.security.cert.X509Certificate
        public Date getNotAfter() {
            return this.f937c.getNotAfter();
        }

        @Override // javax.security.cert.X509Certificate
        public Date getNotBefore() {
            return this.f937c.getNotBefore();
        }

        @Override // javax.security.cert.Certificate
        public PublicKey getPublicKey() {
            return this.f937c.getPublicKey();
        }

        @Override // javax.security.cert.X509Certificate
        public BigInteger getSerialNumber() {
            return this.f937c.getSerialNumber();
        }

        @Override // javax.security.cert.X509Certificate
        public String getSigAlgName() {
            return this.f937c.getSigAlgName();
        }

        @Override // javax.security.cert.X509Certificate
        public String getSigAlgOID() {
            return this.f937c.getSigAlgOID();
        }

        @Override // javax.security.cert.X509Certificate
        public byte[] getSigAlgParams() {
            return this.f937c.getSigAlgParams();
        }

        @Override // javax.security.cert.X509Certificate
        public Principal getSubjectDN() {
            return this.f937c.getSubjectX500Principal();
        }

        @Override // javax.security.cert.X509Certificate
        public int getVersion() {
            return this.f937c.getVersion() - 1;
        }

        @Override // javax.security.cert.Certificate
        public String toString() {
            return this.f937c.toString();
        }

        @Override // javax.security.cert.Certificate
        public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            try {
                this.f937c.verify(publicKey);
            } catch (java.security.cert.CertificateEncodingException e2) {
                throw new CertificateEncodingException(e2.getMessage());
            } catch (java.security.cert.CertificateExpiredException e3) {
                throw new CertificateExpiredException(e3.getMessage());
            } catch (java.security.cert.CertificateNotYetValidException e4) {
                throw new CertificateNotYetValidException(e4.getMessage());
            } catch (CertificateParsingException e5) {
                throw new javax.security.cert.CertificateParsingException(e5.getMessage());
            } catch (java.security.cert.CertificateException e6) {
                throw new CertificateException(e6.getMessage());
            }
        }

        @Override // javax.security.cert.Certificate
        public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            try {
                this.f937c.verify(publicKey, str);
            } catch (java.security.cert.CertificateEncodingException e2) {
                throw new CertificateEncodingException(e2.getMessage());
            } catch (java.security.cert.CertificateExpiredException e3) {
                throw new CertificateExpiredException(e3.getMessage());
            } catch (java.security.cert.CertificateNotYetValidException e4) {
                throw new CertificateNotYetValidException(e4.getMessage());
            } catch (CertificateParsingException e5) {
                throw new javax.security.cert.CertificateParsingException(e5.getMessage());
            } catch (java.security.cert.CertificateException e6) {
                throw new CertificateException(e6.getMessage());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProvSSLSessionBase(ProvSSLSessionContext provSSLSessionContext, String str, int i2) {
        this.sslSessionContext = new AtomicReference<>(provSSLSessionContext);
        this.isFips = provSSLSessionContext == null ? false : provSSLSessionContext.getSSLContext().isFips();
        this.crypto = provSSLSessionContext == null ? null : provSSLSessionContext.getCrypto();
        this.peerHost = str;
        this.peerPort = i2;
        long currentTimeMillis = System.currentTimeMillis();
        this.creationTime = currentTimeMillis;
        this.exportSSLSession = SSLSessionUtil.exportSSLSession(this);
        this.lastAccessedTime = new AtomicLong(currentTimeMillis);
    }

    private void implInvalidate(boolean z) {
        if (z) {
            ProvSSLSessionContext andSet = this.sslSessionContext.getAndSet(null);
            if (andSet != null) {
                andSet.removeSession(getIDArray());
            }
        } else {
            this.sslSessionContext.set(null);
        }
        invalidateTLS();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void accessedAt(long j2) {
        long j3 = this.lastAccessedTime.get();
        if (j2 > j3) {
            this.lastAccessedTime.compareAndSet(j3, j2);
        }
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj instanceof ProvSSLSessionBase) {
            return Arrays.areEqual(getIDArray(), ((ProvSSLSessionBase) obj).getIDArray());
        }
        return false;
    }

    @Override // javax.net.ssl.SSLSession
    public int getApplicationBufferSize() {
        return 16384;
    }

    @Override // javax.net.ssl.SSLSession
    public String getCipherSuite() {
        return ProvSSLContextSpi.getCipherSuiteName(getCipherSuiteTLS());
    }

    protected abstract int getCipherSuiteTLS();

    @Override // javax.net.ssl.SSLSession
    public long getCreationTime() {
        return this.creationTime;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSession getExportSSLSession() {
        return this.exportSSLSession;
    }

    protected abstract byte[] getIDArray();

    @Override // javax.net.ssl.SSLSession
    public byte[] getId() {
        byte[] iDArray = getIDArray();
        return TlsUtils.isNullOrEmpty(iDArray) ? TlsUtils.EMPTY_BYTES : (byte[]) iDArray.clone();
    }

    @Override // javax.net.ssl.SSLSession
    public long getLastAccessedTime() {
        return this.lastAccessedTime.get();
    }

    protected abstract Certificate getLocalCertificateTLS();

    @Override // javax.net.ssl.SSLSession
    public java.security.cert.Certificate[] getLocalCertificates() {
        java.security.cert.X509Certificate[] x509CertificateChain;
        JcaTlsCrypto jcaTlsCrypto = this.crypto;
        if (jcaTlsCrypto == null || (x509CertificateChain = JsseUtils.getX509CertificateChain(jcaTlsCrypto, getLocalCertificateTLS())) == null || x509CertificateChain.length <= 0) {
            return null;
        }
        return x509CertificateChain;
    }

    @Override // javax.net.ssl.SSLSession
    public Principal getLocalPrincipal() {
        JcaTlsCrypto jcaTlsCrypto = this.crypto;
        if (jcaTlsCrypto != null) {
            return JsseUtils.getSubject(jcaTlsCrypto, getLocalCertificateTLS());
        }
        return null;
    }

    @Override // javax.net.ssl.SSLSession
    public int getPacketBufferSize() {
        ProtocolVersion protocolTLS = getProtocolTLS();
        if (protocolTLS == null || !TlsUtils.isTLSv12(protocolTLS)) {
            return 18443;
        }
        return TlsUtils.isTLSv13(protocolTLS) ? 16911 : 17413;
    }

    @Override // javax.net.ssl.SSLSession
    public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
        java.security.cert.X509Certificate[] x509CertificateArr = (java.security.cert.X509Certificate[]) getPeerCertificates();
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
            try {
                if (this.isFips) {
                    x509CertificateArr2[i2] = new X509CertificateWrapper(x509CertificateArr[i2]);
                } else {
                    x509CertificateArr2[i2] = X509Certificate.getInstance(x509CertificateArr[i2].getEncoded());
                }
            } catch (Exception e2) {
                throw new SSLPeerUnverifiedException(e2.getMessage());
            }
        }
        return x509CertificateArr2;
    }

    protected abstract Certificate getPeerCertificateTLS();

    @Override // javax.net.ssl.SSLSession
    public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
        java.security.cert.X509Certificate[] x509CertificateChain;
        JcaTlsCrypto jcaTlsCrypto = this.crypto;
        if (jcaTlsCrypto == null || (x509CertificateChain = JsseUtils.getX509CertificateChain(jcaTlsCrypto, getPeerCertificateTLS())) == null || x509CertificateChain.length <= 0) {
            throw new SSLPeerUnverifiedException("No peer identity established");
        }
        return x509CertificateChain;
    }

    @Override // javax.net.ssl.SSLSession
    public String getPeerHost() {
        return this.peerHost;
    }

    @Override // javax.net.ssl.SSLSession
    public int getPeerPort() {
        return this.peerPort;
    }

    @Override // javax.net.ssl.SSLSession
    public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
        X500Principal subject;
        JcaTlsCrypto jcaTlsCrypto = this.crypto;
        if (jcaTlsCrypto == null || (subject = JsseUtils.getSubject(jcaTlsCrypto, getPeerCertificateTLS())) == null) {
            throw new SSLPeerUnverifiedException("No peer identity established");
        }
        return subject;
    }

    @Override // javax.net.ssl.SSLSession
    public String getProtocol() {
        return ProvSSLContextSpi.getProtocolVersionName(getProtocolTLS());
    }

    protected abstract ProtocolVersion getProtocolTLS();

    @Override // javax.net.ssl.SSLSession
    public SSLSessionContext getSessionContext() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new SSLPermission("getSSLSessionContext"));
        }
        return this.sslSessionContext.get();
    }

    @Override // javax.net.ssl.SSLSession
    public Object getValue(String str) {
        return this.valueMap.get(str);
    }

    @Override // javax.net.ssl.SSLSession
    public String[] getValueNames() {
        String[] strArr;
        synchronized (this.valueMap) {
            strArr = (String[]) this.valueMap.keySet().toArray(new String[this.valueMap.size()]);
        }
        return strArr;
    }

    public int hashCode() {
        return Arrays.hashCode(getIDArray());
    }

    @Override // javax.net.ssl.SSLSession
    public final void invalidate() {
        implInvalidate(true);
    }

    protected abstract void invalidateTLS();

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void invalidatedBySessionContext() {
        implInvalidate(false);
    }

    @Override // javax.net.ssl.SSLSession
    public boolean isValid() {
        if (this.sslSessionContext.get() == null) {
            return false;
        }
        return !TlsUtils.isNullOrEmpty(getIDArray());
    }

    protected void notifyBound(String str, Object obj) {
        if (obj instanceof SSLSessionBindingListener) {
            ((SSLSessionBindingListener) obj).valueBound(new SSLSessionBindingEvent(this, str));
        }
    }

    protected void notifyUnbound(String str, Object obj) {
        if (obj instanceof SSLSessionBindingListener) {
            ((SSLSessionBindingListener) obj).valueUnbound(new SSLSessionBindingEvent(this, str));
        }
    }

    @Override // javax.net.ssl.SSLSession
    public void putValue(String str, Object obj) {
        notifyUnbound(str, this.valueMap.put(str, obj));
        notifyBound(str, obj);
    }

    @Override // javax.net.ssl.SSLSession
    public void removeValue(String str) {
        notifyUnbound(str, this.valueMap.remove(str));
    }

    public String toString() {
        return "Session(" + getCreationTime() + "|" + getCipherSuite() + ")";
    }
}
