package org.apache.geode.internal.net;

import java.io.EOFException;
import java.io.IOException;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.nio.ByteBuffer;
import java.nio.channels.ClosedChannelException;
import java.nio.channels.SocketChannel;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import org.apache.geode.GemFireIOException;
import org.apache.geode.distributed.internal.DMStats;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.net.Buffers;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/geode/internal/net/NioSslEngine.class */
public class NioSslEngine implements NioFilter {
    private static final Logger logger = LogService.getLogger();
    private final DMStats stats;
    private volatile boolean closed;
    SSLEngine engine;
    ByteBuffer myNetData;
    ByteBuffer peerAppData;
    ByteBuffer handshakeBuffer;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.geode.internal.net.NioSslEngine$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/geode/internal/net/NioSslEngine$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 3;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 4;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public NioSslEngine(SSLEngine sSLEngine, DMStats dMStats) {
        this.stats = dMStats;
        int applicationBufferSize = sSLEngine.getSession().getApplicationBufferSize();
        this.myNetData = ByteBuffer.allocate(sSLEngine.getSession().getPacketBufferSize());
        this.peerAppData = ByteBuffer.allocate(applicationBufferSize);
        this.engine = sSLEngine;
    }

    public boolean handshake(SocketChannel socketChannel, int i, ByteBuffer byteBuffer) throws IOException, InterruptedException {
        if (byteBuffer.capacity() < this.engine.getSession().getPacketBufferSize()) {
            if (logger.isDebugEnabled()) {
                logger.debug("Allocating new buffer for SSL handshake");
            }
            this.handshakeBuffer = Buffers.acquireReceiveBuffer(this.engine.getSession().getPacketBufferSize(), this.stats);
        } else {
            this.handshakeBuffer = byteBuffer;
        }
        this.handshakeBuffer.clear();
        ByteBuffer wrap = ByteBuffer.wrap(new byte[0]);
        if (logger.isDebugEnabled()) {
            logger.debug("Starting TLS handshake with {}.  Timeout is {}ms", socketChannel.socket(), Integer.valueOf(i));
        }
        long j = -1;
        if (i > 0) {
            j = System.nanoTime() + TimeUnit.MILLISECONDS.toNanos(i);
        }
        this.engine.beginHandshake();
        SSLEngineResult.HandshakeStatus handshakeStatus = this.engine.getHandshakeStatus();
        SSLEngineResult sSLEngineResult = null;
        while (handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED && handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
            if (socketChannel.socket().isClosed()) {
                logger.info("Handshake terminated because socket is closed");
                throw new SocketException("handshake terminated - socket is closed");
            }
            if (j > 0 && j < System.nanoTime()) {
                logger.info("TLS handshake is timing out");
                throw new SocketTimeoutException("handshake timed out");
            }
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[handshakeStatus.ordinal()]) {
                case 1:
                    int read = socketChannel.read(this.handshakeBuffer);
                    this.handshakeBuffer.flip();
                    sSLEngineResult = this.engine.unwrap(this.handshakeBuffer, this.peerAppData);
                    this.handshakeBuffer.compact();
                    handshakeStatus = sSLEngineResult.getHandshakeStatus();
                    if (this.peerAppData.remaining() == 0 && read == 0 && handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                        Thread.sleep(10L);
                    }
                    if (sSLEngineResult.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW) {
                        break;
                    } else {
                        this.peerAppData = expandWriteBuffer(Buffers.BufferType.TRACKED_RECEIVER, this.peerAppData, this.peerAppData.capacity() * 2, this.stats);
                        break;
                    }
                case 2:
                    this.myNetData.clear();
                    sSLEngineResult = this.engine.wrap(wrap, this.myNetData);
                    handshakeStatus = sSLEngineResult.getHandshakeStatus();
                    switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[sSLEngineResult.getStatus().ordinal()]) {
                        case 1:
                            this.myNetData = expandWriteBuffer(Buffers.BufferType.TRACKED_SENDER, this.myNetData, this.myNetData.capacity() * 2, this.stats);
                            break;
                        case 2:
                            this.myNetData.flip();
                            while (this.myNetData.hasRemaining()) {
                                socketChannel.write(this.myNetData);
                            }
                            break;
                        case 3:
                            break;
                        default:
                            logger.info("handshake terminated with illegal state due to {}", handshakeStatus);
                            throw new IllegalStateException("Unknown SSLEngineResult status: " + sSLEngineResult.getStatus());
                    }
                case 3:
                    handleBlockingTasks();
                    handshakeStatus = this.engine.getHandshakeStatus();
                    break;
                default:
                    logger.info("handshake terminated with illegal state due to {}", handshakeStatus);
                    throw new IllegalStateException("Unknown SSL Handshake state: " + handshakeStatus);
            }
            Thread.sleep(10L);
        }
        if (handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
            logger.info("handshake terminated with exception due to {}", handshakeStatus);
            throw new SSLHandshakeException("SSL Handshake terminated with status " + handshakeStatus);
        }
        if (!logger.isDebugEnabled()) {
            return true;
        }
        if (sSLEngineResult != null) {
            logger.debug("TLS handshake successful.  result={} and handshakeResult={}", sSLEngineResult.getStatus(), this.engine.getHandshakeStatus());
            return true;
        }
        logger.debug("TLS handshake successful.  handshakeResult={}", this.engine.getHandshakeStatus());
        return true;
    }

    ByteBuffer expandWriteBuffer(Buffers.BufferType bufferType, ByteBuffer byteBuffer, int i, DMStats dMStats) {
        return Buffers.expandWriteBufferIfNeeded(bufferType, byteBuffer, i, dMStats);
    }

    void checkClosed() {
        if (this.closed) {
            throw new IllegalStateException("NioSslEngine has been closed");
        }
    }

    void handleBlockingTasks() {
        while (true) {
            Runnable delegatedTask = this.engine.getDelegatedTask();
            if (delegatedTask == null) {
                return;
            } else {
                delegatedTask.run();
            }
        }
    }

    @Override // org.apache.geode.internal.net.NioFilter
    public synchronized ByteBuffer wrap(ByteBuffer byteBuffer) throws IOException {
        checkClosed();
        this.myNetData.clear();
        while (byteBuffer.hasRemaining()) {
            if (this.myNetData.capacity() - this.myNetData.position() < byteBuffer.remaining() * 2) {
                this.myNetData = expandWriteBuffer(Buffers.BufferType.TRACKED_SENDER, this.myNetData, expandedCapacity(byteBuffer, this.myNetData), this.stats);
            }
            SSLEngineResult wrap = this.engine.wrap(byteBuffer, this.myNetData);
            if (wrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                handleBlockingTasks();
            }
            if (wrap.getStatus() != SSLEngineResult.Status.OK) {
                throw new SSLException("Error encrypting data: " + wrap);
            }
        }
        this.myNetData.flip();
        return this.myNetData;
    }

    @Override // org.apache.geode.internal.net.NioFilter
    public synchronized ByteBuffer unwrap(ByteBuffer byteBuffer) throws IOException {
        checkClosed();
        expandPeerAppData(byteBuffer);
        this.peerAppData.limit(this.peerAppData.capacity());
        while (byteBuffer.hasRemaining()) {
            SSLEngineResult unwrap = this.engine.unwrap(byteBuffer, this.peerAppData);
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()]) {
                case 1:
                    expandPeerAppData(byteBuffer);
                    break;
                case 2:
                    break;
                case 3:
                default:
                    throw new SSLException("Error decrypting data: " + unwrap);
                case 4:
                    byteBuffer.compact();
                    return this.peerAppData;
            }
        }
        byteBuffer.clear();
        return this.peerAppData;
    }

    void expandPeerAppData(ByteBuffer byteBuffer) {
        if (this.peerAppData.capacity() - this.peerAppData.position() < 2 * byteBuffer.remaining()) {
            this.peerAppData = Buffers.expandWriteBufferIfNeeded(Buffers.BufferType.TRACKED_RECEIVER, this.peerAppData, expandedCapacity(byteBuffer, this.peerAppData), this.stats);
        }
    }

    @Override // org.apache.geode.internal.net.NioFilter
    public ByteBuffer ensureWrappedCapacity(int i, ByteBuffer byteBuffer, Buffers.BufferType bufferType, DMStats dMStats) {
        ByteBuffer byteBuffer2 = byteBuffer;
        int packetBufferSize = this.engine.getSession().getPacketBufferSize();
        if (byteBuffer2 == null) {
            byteBuffer2 = Buffers.acquireBuffer(bufferType, packetBufferSize, dMStats);
        } else if (byteBuffer2.capacity() < packetBufferSize) {
            byteBuffer2 = Buffers.expandWriteBufferIfNeeded(bufferType, byteBuffer2, packetBufferSize, dMStats);
        }
        return byteBuffer2;
    }

    @Override // org.apache.geode.internal.net.NioFilter
    public ByteBuffer readAtLeast(SocketChannel socketChannel, int i, ByteBuffer byteBuffer, DMStats dMStats) throws IOException {
        if (this.peerAppData.capacity() <= i) {
            this.peerAppData = Buffers.expandReadBufferIfNeeded(Buffers.BufferType.TRACKED_RECEIVER, this.peerAppData, i, this.stats);
        } else if (this.peerAppData.capacity() - this.peerAppData.position() < i) {
            this.peerAppData.compact();
            this.peerAppData.flip();
        }
        while (this.peerAppData.remaining() < i) {
            byteBuffer.limit(byteBuffer.capacity());
            int read = socketChannel.read(byteBuffer);
            if (read < 0) {
                throw new EOFException();
            }
            if (read > 0) {
                byteBuffer.flip();
                this.peerAppData.compact();
                this.peerAppData = unwrap(byteBuffer);
                this.peerAppData.flip();
            }
        }
        return this.peerAppData;
    }

    @Override // org.apache.geode.internal.net.NioFilter
    public ByteBuffer getUnwrappedBuffer(ByteBuffer byteBuffer) {
        return this.peerAppData;
    }

    public ByteBuffer ensureUnwrappedCapacity(int i) {
        this.peerAppData = Buffers.expandReadBufferIfNeeded(Buffers.BufferType.TRACKED_RECEIVER, this.peerAppData, i, this.stats);
        return this.peerAppData;
    }

    @Override // org.apache.geode.internal.net.NioFilter
    public void close(SocketChannel socketChannel) {
        try {
            if (this.closed) {
                return;
            }
            try {
                if (!this.engine.isOutboundDone()) {
                    ByteBuffer wrap = ByteBuffer.wrap(new byte[0]);
                    this.engine.closeOutbound();
                    this.myNetData.clear();
                    SSLEngineResult wrap2 = this.engine.wrap(wrap, this.myNetData);
                    if (wrap2.getStatus() != SSLEngineResult.Status.CLOSED) {
                        throw new SSLHandshakeException("Error closing SSL session.  Status=" + wrap2.getStatus());
                    }
                    this.myNetData.flip();
                    while (this.myNetData.hasRemaining()) {
                        socketChannel.write(this.myNetData);
                    }
                }
                Buffers.releaseBuffer(Buffers.BufferType.TRACKED_SENDER, this.myNetData, this.stats);
                Buffers.releaseBuffer(Buffers.BufferType.TRACKED_RECEIVER, this.peerAppData, this.stats);
                this.closed = true;
            } catch (ClosedChannelException e) {
                Buffers.releaseBuffer(Buffers.BufferType.TRACKED_SENDER, this.myNetData, this.stats);
                Buffers.releaseBuffer(Buffers.BufferType.TRACKED_RECEIVER, this.peerAppData, this.stats);
                this.closed = true;
            } catch (IOException e2) {
                throw new GemFireIOException("exception closing SSL session", e2);
            }
        } catch (Throwable th) {
            Buffers.releaseBuffer(Buffers.BufferType.TRACKED_SENDER, this.myNetData, this.stats);
            Buffers.releaseBuffer(Buffers.BufferType.TRACKED_RECEIVER, this.peerAppData, this.stats);
            this.closed = true;
            throw th;
        }
    }

    private int expandedCapacity(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) {
        return Math.max(byteBuffer2.position() + (byteBuffer.remaining() * 2), byteBuffer2.capacity() * 2);
    }
}
