package org.jruby.ext.openssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SelectionKey;
import java.nio.channels.Selector;
import java.nio.channels.SocketChannel;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import org.jruby.IRuby;
import org.jruby.RubyClass;
import org.jruby.RubyIO;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.exceptions.RaiseException;
import org.jruby.runtime.CallType;
import org.jruby.runtime.CallbackFactory;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.builtin.IRubyObject;

/* loaded from: input_file:org/jruby/ext/openssl/SSLSocket.class */
public class SSLSocket extends RubyObject {
    private RubyClass sslError;
    private SSLEngine engine;
    private SocketChannel c;
    private ByteBuffer peerAppData;
    private ByteBuffer peerNetData;
    private ByteBuffer netData;
    private ByteBuffer dummy;
    private boolean initialHandshake;
    private SSLEngineResult.HandshakeStatus hsStatus;
    private SSLEngineResult.Status status;
    private String type;
    private Selector rsel;
    private Selector wsel;
    private Selector asel;
    static Class class$org$jruby$ext$openssl$SSLSocket;
    static Class class$org$jruby$runtime$builtin$IRubyObject;
    static final boolean $assertionsDisabled;

    public static void createSSLSocket(IRuby iRuby, RubyModule rubyModule) {
        Class cls;
        Class cls2;
        RubyClass defineClassUnder = rubyModule.defineClassUnder("SSLSocket", iRuby.getObject());
        defineClassUnder.attr_accessor(new IRubyObject[]{iRuby.newSymbol("io")});
        defineClassUnder.attr_accessor(new IRubyObject[]{iRuby.newSymbol("context")});
        defineClassUnder.attr_accessor(new IRubyObject[]{iRuby.newSymbol("sync_close")});
        if (class$org$jruby$ext$openssl$SSLSocket == null) {
            cls = class$("org.jruby.ext.openssl.SSLSocket");
            class$org$jruby$ext$openssl$SSLSocket = cls;
        } else {
            cls = class$org$jruby$ext$openssl$SSLSocket;
        }
        CallbackFactory callbackFactory = iRuby.callbackFactory(cls);
        defineClassUnder.defineSingletonMethod("new", callbackFactory.getOptSingletonMethod("newInstance"));
        defineClassUnder.defineAlias("to_io", "io");
        defineClassUnder.defineMethod("initialize", callbackFactory.getOptMethod("_initialize"));
        defineClassUnder.defineMethod("connect", callbackFactory.getMethod("connect"));
        defineClassUnder.defineMethod("accept", callbackFactory.getMethod("accept"));
        defineClassUnder.defineMethod("sysread", callbackFactory.getOptMethod("sysread"));
        if (class$org$jruby$runtime$builtin$IRubyObject == null) {
            cls2 = class$("org.jruby.runtime.builtin.IRubyObject");
            class$org$jruby$runtime$builtin$IRubyObject = cls2;
        } else {
            cls2 = class$org$jruby$runtime$builtin$IRubyObject;
        }
        defineClassUnder.defineMethod("syswrite", callbackFactory.getMethod("syswrite", cls2));
        defineClassUnder.defineMethod("sysclose", callbackFactory.getMethod("sysclose"));
        defineClassUnder.defineMethod("cert", callbackFactory.getMethod("cert"));
        defineClassUnder.defineMethod("peer_cert", callbackFactory.getMethod("peer_cert"));
        defineClassUnder.defineMethod("peer_cert_chain", callbackFactory.getMethod("peer_cert_chain"));
        defineClassUnder.defineMethod("cipher", callbackFactory.getMethod("cipher"));
        defineClassUnder.defineMethod("state", callbackFactory.getMethod("state"));
        defineClassUnder.defineMethod("pending", callbackFactory.getMethod("pending"));
    }

    public static IRubyObject newInstance(IRubyObject iRubyObject, IRubyObject[] iRubyObjectArr) {
        SSLSocket sSLSocket = new SSLSocket(iRubyObject.getRuntime(), (RubyClass) iRubyObject);
        sSLSocket.callInit(iRubyObjectArr);
        return sSLSocket;
    }

    public SSLSocket(IRuby iRuby, RubyClass rubyClass) {
        super(iRuby, rubyClass);
        this.c = null;
        this.initialHandshake = false;
        this.status = null;
        this.type = null;
        this.sslError = (RubyClass) ((RubyModule) iRuby.getModule("OpenSSL").getConstant("SSL")).getConstant("SSLError");
    }

    public IRubyObject _initialize(IRubyObject[] iRubyObjectArr) throws Exception {
        ThreadContext currentContext = getRuntime().getCurrentContext();
        IRubyObject callMethod = checkArgumentCount(iRubyObjectArr, 1, 2) == 1 ? ((RubyModule) getRuntime().getModule("OpenSSL").getConstant("SSL")).getClass("SSLContext").callMethod(currentContext, "new") : iRubyObjectArr[1];
        IRubyObject iRubyObject = iRubyObjectArr[0];
        callMethod(currentContext, "io=", iRubyObject);
        this.c = (SocketChannel) ((RubyIO) iRubyObject).getChannel();
        callMethod(currentContext, "context=", callMethod);
        callMethod(currentContext, "sync_close=", getRuntime().getFalse());
        return callMethod(currentContext, getMetaClass().getSuperClass(), "initialize", iRubyObjectArr, CallType.SUPER);
    }

    private void ossl_ssl_setup() throws Exception {
        if (null == this.engine) {
            ThreadContext currentContext = getRuntime().getCurrentContext();
            javax.net.ssl.SSLContext sSLContext = javax.net.ssl.SSLContext.getInstance("SSL");
            IRubyObject callMethod = callMethod(currentContext, "context").callMethod(currentContext, "cert_store");
            callMethod(currentContext, "context").callMethod(currentContext, "verify_mode");
            if (callMethod.isNil()) {
                sSLContext.init(new KeyManager[]{((SSLContext) callMethod(currentContext, "context")).getKM()}, new TrustManager[]{((SSLContext) callMethod(currentContext, "context")).getTM()}, null);
            } else {
                sSLContext.init(new KeyManager[]{((SSLContext) callMethod(currentContext, "context")).getKM()}, new TrustManager[]{((X509Store) callMethod).getStore()}, null);
            }
            this.engine = sSLContext.createSSLEngine(this.c.socket().getInetAddress().getHostName(), this.c.socket().getPort());
            this.engine.setEnabledCipherSuites(((SSLContext) callMethod(currentContext, "context")).getCipherSuites(this.engine));
            SSLSession session = this.engine.getSession();
            this.peerNetData = ByteBuffer.allocate(session.getPacketBufferSize());
            this.peerAppData = ByteBuffer.allocate(session.getApplicationBufferSize());
            this.netData = ByteBuffer.allocate(session.getPacketBufferSize());
            this.peerNetData.limit(0);
            this.peerAppData.limit(0);
            this.netData.limit(0);
            this.dummy = ByteBuffer.allocate(0);
            this.rsel = Selector.open();
            this.wsel = Selector.open();
            this.asel = Selector.open();
            this.c.register(this.rsel, 1);
            this.c.register(this.wsel, 4);
            this.c.register(this.asel, 5);
        }
    }

    public IRubyObject connect() throws Exception {
        Throwable th;
        try {
            ossl_ssl_setup();
            this.engine.setUseClientMode(true);
            this.engine.beginHandshake();
            this.type = "client";
            this.hsStatus = this.engine.getHandshakeStatus();
            this.initialHandshake = true;
            doHandshake();
            return this;
        } catch (SSLHandshakeException e) {
            Throwable th2 = e;
            while (true) {
                th = th2;
                if (th.getCause() == null || !(th instanceof SSLHandshakeException)) {
                    break;
                }
                th2 = th.getCause();
            }
            if (th instanceof CertificateException) {
                throw new RaiseException(getRuntime(), this.sslError, th.getMessage(), true);
            }
            throw new RaiseException(getRuntime(), this.sslError, null, true);
        }
    }

    public IRubyObject accept() throws Exception {
        try {
            ThreadContext currentContext = getRuntime().getCurrentContext();
            ossl_ssl_setup();
            this.engine.setUseClientMode(false);
            IRubyObject callMethod = callMethod(currentContext, "context");
            if (!callMethod.isNil() && !callMethod.callMethod(currentContext, "verify_mode").isNil()) {
                int fix2int = RubyNumeric.fix2int(callMethod.callMethod(currentContext, "verify_mode"));
                if (fix2int == 0) {
                    this.engine.setNeedClientAuth(false);
                    this.engine.setWantClientAuth(false);
                }
                if ((fix2int & 1) != 0) {
                    this.engine.setWantClientAuth(true);
                }
                if ((fix2int & 2) != 0) {
                    this.engine.setNeedClientAuth(true);
                }
            }
            this.engine.beginHandshake();
            this.type = "server";
            this.hsStatus = this.engine.getHandshakeStatus();
            this.initialHandshake = true;
            doHandshake();
            return this;
        } catch (SSLHandshakeException e) {
            throw new RaiseException(getRuntime(), this.sslError, null, true);
        }
    }

    private void waitSelect(Selector selector) {
        try {
            selector.select();
            Iterator<SelectionKey> it = selector.selectedKeys().iterator();
            while (it.hasNext()) {
                it.next();
                it.remove();
            }
        } catch (Exception e) {
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:12:0x0066, code lost:
    
        if (r4.netData.hasRemaining() != false) goto L23;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x006d, code lost:
    
        if (flushData() == false) goto L45;
     */
    /* JADX WARN: Code restructure failed: missing block: B:17:0x0073, code lost:
    
        r4.netData.clear();
        r4.hsStatus = r4.engine.wrap(r4.dummy, r4.netData).getHandshakeStatus();
        r4.netData.flip();
        flushData();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void doHandshake() throws java.lang.Exception {
        /*
            r4 = this;
        L0:
            r0 = r4
            r1 = r4
            java.nio.channels.Selector r1 = r1.asel
            r0.waitSelect(r1)
            r0 = r4
            javax.net.ssl.SSLEngineResult$HandshakeStatus r0 = r0.hsStatus
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = javax.net.ssl.SSLEngineResult.HandshakeStatus.FINISHED
            if (r0 != r1) goto L1e
            r0 = r4
            boolean r0 = r0.initialHandshake
            if (r0 == 0) goto L1d
            r0 = r4
            r0.finishInitialHandshake()
        L1d:
            return
        L1e:
            r0 = r4
            javax.net.ssl.SSLEngineResult$HandshakeStatus r0 = r0.hsStatus
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_TASK
            if (r0 != r1) goto L2f
            r0 = r4
            r0.doTasks()
            goto L0
        L2f:
            r0 = r4
            javax.net.ssl.SSLEngineResult$HandshakeStatus r0 = r0.hsStatus
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_UNWRAP
            if (r0 != r1) goto L55
            r0 = r4
            int r0 = r0.readAndUnwrap()
            r1 = -1
            if (r0 != r1) goto L0
            r0 = r4
            javax.net.ssl.SSLEngineResult$HandshakeStatus r0 = r0.hsStatus
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = javax.net.ssl.SSLEngineResult.HandshakeStatus.FINISHED
            if (r0 == r1) goto L0
            javax.net.ssl.SSLHandshakeException r0 = new javax.net.ssl.SSLHandshakeException
            r1 = r0
            java.lang.String r2 = "Socket closed"
            r1.<init>(r2)
            throw r0
        L55:
            r0 = r4
            javax.net.ssl.SSLEngineResult$HandshakeStatus r0 = r0.hsStatus
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_WRAP
            if (r0 != r1) goto La3
            r0 = r4
            java.nio.ByteBuffer r0 = r0.netData
            boolean r0 = r0.hasRemaining()
            if (r0 == 0) goto L73
        L69:
            r0 = r4
            boolean r0 = r0.flushData()
            if (r0 == 0) goto L73
            goto L69
        L73:
            r0 = r4
            java.nio.ByteBuffer r0 = r0.netData
            java.nio.Buffer r0 = r0.clear()
            r0 = r4
            javax.net.ssl.SSLEngine r0 = r0.engine
            r1 = r4
            java.nio.ByteBuffer r1 = r1.dummy
            r2 = r4
            java.nio.ByteBuffer r2 = r2.netData
            javax.net.ssl.SSLEngineResult r0 = r0.wrap(r1, r2)
            r5 = r0
            r0 = r4
            r1 = r5
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = r1.getHandshakeStatus()
            r0.hsStatus = r1
            r0 = r4
            java.nio.ByteBuffer r0 = r0.netData
            java.nio.Buffer r0 = r0.flip()
            r0 = r4
            boolean r0 = r0.flushData()
            goto L0
        La3:
            boolean r0 = org.jruby.ext.openssl.SSLSocket.$assertionsDisabled
            if (r0 != 0) goto Lb3
            java.lang.AssertionError r0 = new java.lang.AssertionError
            r1 = r0
            java.lang.String r2 = "doHandshake() should never reach the NOT_HANDSHAKING state"
            r1.<init>(r2)
            throw r0
        Lb3:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jruby.ext.openssl.SSLSocket.doHandshake():void");
    }

    private void doTasks() {
        while (true) {
            Runnable delegatedTask = this.engine.getDelegatedTask();
            if (delegatedTask == null) {
                this.hsStatus = this.engine.getHandshakeStatus();
                return;
            }
            delegatedTask.run();
        }
    }

    private boolean flushData() throws IOException {
        try {
            this.c.write(this.netData);
            return !this.netData.hasRemaining();
        } catch (IOException e) {
            this.netData.position(this.netData.limit());
            throw e;
        }
    }

    private void finishInitialHandshake() {
        this.initialHandshake = false;
    }

    public int write(ByteBuffer byteBuffer) throws Exception {
        if (this.initialHandshake || this.netData.hasRemaining()) {
            return 0;
        }
        this.netData.clear();
        SSLEngineResult wrap = this.engine.wrap(byteBuffer, this.netData);
        this.netData.flip();
        flushData();
        return wrap.bytesConsumed();
    }

    public int read(ByteBuffer byteBuffer) throws Exception {
        int readAndUnwrap;
        if (this.initialHandshake) {
            return 0;
        }
        if (this.engine.isInboundDone()) {
            return -1;
        }
        if (!this.peerAppData.hasRemaining() && ((readAndUnwrap = readAndUnwrap()) == -1 || readAndUnwrap == 0)) {
            return readAndUnwrap;
        }
        int min = Math.min(this.peerAppData.remaining(), byteBuffer.remaining());
        for (int i = 0; i < min; i++) {
            byteBuffer.put(this.peerAppData.get());
        }
        return min;
    }

    private int readAndUnwrap() throws Exception {
        SSLEngineResult unwrap;
        if (this.c.read(this.peerNetData) == -1) {
            return -1;
        }
        this.peerAppData.clear();
        this.peerNetData.flip();
        do {
            unwrap = this.engine.unwrap(this.peerNetData, this.peerAppData);
            if (unwrap.getStatus() != SSLEngineResult.Status.OK || unwrap.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                break;
            }
        } while (unwrap.bytesProduced() == 0);
        if (unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
            finishInitialHandshake();
        }
        if (this.peerAppData.position() == 0 && unwrap.getStatus() == SSLEngineResult.Status.OK && this.peerNetData.hasRemaining()) {
            unwrap = this.engine.unwrap(this.peerNetData, this.peerAppData);
        }
        this.status = unwrap.getStatus();
        this.hsStatus = unwrap.getHandshakeStatus();
        if (this.status == SSLEngineResult.Status.CLOSED) {
            doShutdown();
            return -1;
        }
        this.peerNetData.compact();
        this.peerAppData.flip();
        if (!this.initialHandshake && (this.hsStatus == SSLEngineResult.HandshakeStatus.NEED_TASK || this.hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP || this.hsStatus == SSLEngineResult.HandshakeStatus.FINISHED)) {
            doHandshake();
        }
        return this.peerAppData.remaining();
    }

    private void doShutdown() throws IOException {
        if (this.engine.isOutboundDone()) {
            return;
        }
        this.netData.clear();
        try {
            this.engine.wrap(this.dummy, this.netData);
            this.netData.flip();
            flushData();
        } catch (Exception e) {
        }
    }

    public IRubyObject sysread(IRubyObject[] iRubyObjectArr) throws Exception {
        checkArgumentCount(iRubyObjectArr, 1, 2);
        int fix2int = RubyNumeric.fix2int(iRubyObjectArr[0]);
        IRubyObject newString = iRubyObjectArr.length == 2 ? iRubyObjectArr[1] : getRuntime().newString("");
        if (fix2int == 0) {
            return newString;
        }
        waitSelect(this.rsel);
        ByteBuffer allocate = ByteBuffer.allocate(fix2int);
        allocate.toString();
        int read = this.engine == null ? this.c.read(allocate) : read(allocate);
        allocate.toString();
        String str = null;
        boolean z = false;
        if (read == -1) {
            z = true;
        } else {
            byte[] bArr = new byte[read];
            allocate.position(allocate.position() - read);
            allocate.get(bArr);
            str = new String(bArr, "ISO8859_1");
        }
        allocate.toString();
        if (z) {
            throw getRuntime().newEOFError();
        }
        newString.callMethod(getRuntime().getCurrentContext(), "<<", getRuntime().newString(str));
        return newString;
    }

    public IRubyObject syswrite(IRubyObject iRubyObject) throws Exception {
        if (this.engine != null) {
            waitSelect(this.wsel);
            write(ByteBuffer.wrap(iRubyObject.toString().getBytes("PLAIN")));
            return getRuntime().newFixnum(r0.length);
        }
        waitSelect(this.wsel);
        this.c.write(ByteBuffer.wrap(iRubyObject.toString().getBytes("PLAIN")));
        return getRuntime().newFixnum(r0.length);
    }

    private void close() throws Exception {
        this.engine.closeOutbound();
        if (this.netData.hasRemaining()) {
            return;
        }
        doShutdown();
    }

    public IRubyObject sysclose() throws Exception {
        close();
        ThreadContext currentContext = getRuntime().getCurrentContext();
        if (callMethod(currentContext, "sync_close").isTrue()) {
            this.c.close();
            callMethod(currentContext, "io").callMethod(currentContext, "close");
        }
        return getRuntime().getNil();
    }

    public IRubyObject cert() {
        System.err.println("WARNING: unimplemented method called: SSLSocket#cert");
        return getRuntime().getNil();
    }

    public IRubyObject peer_cert() throws Exception {
        Certificate[] peerCertificates = this.engine.getSession().getPeerCertificates();
        return peerCertificates.length > 0 ? X509Cert.wrap(getRuntime(), peerCertificates[0]) : getRuntime().getNil();
    }

    public IRubyObject peer_cert_chain() {
        System.err.println("WARNING: unimplemented method called: SSLSocket#peer_cert_chain");
        return getRuntime().getNil();
    }

    public IRubyObject cipher() {
        System.err.println("WARNING: unimplemented method called: SSLSocket#cipher");
        return getRuntime().getNil();
    }

    public IRubyObject state() {
        System.err.println("WARNING: unimplemented method called: SSLSocket#state");
        return getRuntime().getNil();
    }

    public IRubyObject pending() {
        System.err.println("WARNING: unimplemented method called: SSLSocket#pending");
        return getRuntime().getNil();
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$jruby$ext$openssl$SSLSocket == null) {
            cls = class$("org.jruby.ext.openssl.SSLSocket");
            class$org$jruby$ext$openssl$SSLSocket = cls;
        } else {
            cls = class$org$jruby$ext$openssl$SSLSocket;
        }
        $assertionsDisabled = !cls.desiredAssertionStatus();
    }
}
