package com.basho.riak.client.core.netty;

import com.basho.riak.client.core.RiakMessage;
import com.basho.riak.client.core.util.Constants;
import com.basho.riak.protobuf.RiakMessageCodes;
import com.basho.riak.protobuf.RiakPB;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import io.netty.buffer.ByteBuf;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.ByteToMessageDecoder;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.concurrent.DefaultPromise;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import java.io.IOException;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/basho/riak/client/core/netty/RiakSecurityDecoder.class */
public class RiakSecurityDecoder extends ByteToMessageDecoder {
    private final SSLEngine sslEngine;
    private final String username;
    private final String password;
    private volatile DefaultPromise<Void> promise;
    private final CountDownLatch promiseLatch = new CountDownLatch(1);
    private final Logger logger = LoggerFactory.getLogger(RiakSecurityDecoder.class);
    private volatile State state = State.TLS_START;

    /* loaded from: input_file:com/basho/riak/client/core/netty/RiakSecurityDecoder$SslListener.class */
    private class SslListener implements GenericFutureListener<Future<Channel>> {
        private SslListener() {
        }

        public void operationComplete(Future<Channel> future) throws Exception {
            if (!future.isSuccess()) {
                RiakSecurityDecoder.this.logger.error("SSL Handshake failed: ", future.cause());
                RiakSecurityDecoder.this.promise.tryFailure(future.cause());
                return;
            }
            RiakSecurityDecoder.this.logger.debug("SSL Handshake success!");
            Channel channel = (Channel) future.getNow();
            RiakSecurityDecoder.this.state = State.AUTH_WAIT;
            channel.writeAndFlush(new RiakMessage((byte) -3, RiakPB.RpbAuthReq.newBuilder().setUser(ByteString.copyFromUtf8(RiakSecurityDecoder.this.username)).setPassword(ByteString.copyFromUtf8(RiakSecurityDecoder.this.password)).m1418build().toByteArray()));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/basho/riak/client/core/netty/RiakSecurityDecoder$State.class */
    public enum State {
        TLS_START,
        TLS_WAIT,
        SSL_WAIT,
        AUTH_WAIT
    }

    public RiakSecurityDecoder(SSLEngine sSLEngine, String str, String str2) {
        this.sslEngine = sSLEngine;
        this.username = str;
        this.password = str2;
    }

    protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        this.logger.debug("RiakSecurityDecoder decode");
        if (byteBuf.readableBytes() >= 4) {
            byteBuf.markReaderIndex();
            int readInt = byteBuf.readInt();
            if (byteBuf.readableBytes() < readInt) {
                byteBuf.resetReaderIndex();
                return;
            }
            byte readByte = byteBuf.readByte();
            byte[] bArr = new byte[readInt - 1];
            byteBuf.readBytes(bArr);
            switch (this.state) {
                case TLS_WAIT:
                    switch (readByte) {
                        case RiakMessageCodes.MSG_StartTls /* -1 */:
                            this.logger.debug("Received MSG_RpbStartTls reply");
                            this.state = State.SSL_WAIT;
                            SslHandler sslHandler = new SslHandler(this.sslEngine);
                            sslHandler.handshakeFuture().addListener(new SslListener());
                            channelHandlerContext.channel().pipeline().addFirst(Constants.SSL_HANDLER, sslHandler);
                            return;
                        case 0:
                            this.logger.debug("Received MSG_ErrorResp reply to startTls");
                            this.promise.tryFailure(riakErrorToException(bArr));
                            return;
                        default:
                            this.promise.tryFailure(new RiakResponseException(0, "Invalid return code during StartTLS; " + ((int) readByte)));
                            return;
                    }
                case AUTH_WAIT:
                    channelHandlerContext.channel().pipeline().remove(this);
                    switch (readByte) {
                        case RiakMessageCodes.MSG_AuthResp /* -2 */:
                            this.logger.debug("Received MSG_RpbAuthResp reply");
                            this.promise.trySuccess((Object) null);
                            return;
                        case 0:
                            this.logger.debug("Received MSG_ErrorResp reply to auth");
                            this.promise.tryFailure(riakErrorToException(bArr));
                            return;
                        default:
                            this.promise.tryFailure(new RiakResponseException(0, "Invalid return code during Auth; " + ((int) readByte)));
                            return;
                    }
                default:
                    this.logger.error("Received message while not in TLS_WAIT or AUTH_WAIT");
                    this.promise.tryFailure(new IllegalStateException("Received message while not in TLS_WAIT or AUTH_WAIT"));
                    return;
            }
        }
    }

    private RiakResponseException riakErrorToException(byte[] bArr) {
        try {
            RiakPB.RpbErrorResp parseFrom = RiakPB.RpbErrorResp.parseFrom(bArr);
            return new RiakResponseException(parseFrom.getErrcode(), parseFrom.getErrmsg().toStringUtf8());
        } catch (InvalidProtocolBufferException e) {
            return null;
        }
    }

    private void init(ChannelHandlerContext channelHandlerContext) {
        this.state = State.TLS_WAIT;
        this.promise = new DefaultPromise<>(channelHandlerContext.executor());
        this.promiseLatch.countDown();
        channelHandlerContext.channel().writeAndFlush(new RiakMessage((byte) -1, new byte[0]));
    }

    public void handlerAdded(ChannelHandlerContext channelHandlerContext) throws Exception {
        this.logger.debug("Handler Added");
        if (channelHandlerContext.channel().isActive()) {
            init(channelHandlerContext);
        }
    }

    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
        this.logger.debug("Channel Active");
    }

    public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
        this.logger.debug("Channel Inactive");
        this.promise.tryFailure(new IOException("Channel closed during auth"));
        channelHandlerContext.fireChannelInactive();
    }

    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
        this.logger.debug("Exception Caught: {}", th);
        if (th.getCause() instanceof SSLHandshakeException) {
            return;
        }
        channelHandlerContext.fireExceptionCaught(th);
    }

    public DefaultPromise<Void> getPromise() throws InterruptedException {
        this.promiseLatch.await();
        return this.promise;
    }
}
