package org.apache.tomcat.util.net;

import java.io.EOFException;
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.nio.ByteBuffer;
import java.nio.channels.SelectionKey;
import java.nio.channels.Selector;
import java.nio.channels.SocketChannel;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteBufferUtils;
import org.apache.tomcat.util.net.NioEndpoint;
import org.apache.tomcat.util.net.TLSClientHelloExtractor;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.80.jar:org/apache/tomcat/util/net/SecureNioChannel.class */
public class SecureNioChannel extends NioChannel {
    private static final Log log = LogFactory.getLog((Class<?>) SecureNioChannel.class);
    private static final StringManager sm = StringManager.getManager((Class<?>) SecureNioChannel.class);
    private static final int DEFAULT_NET_BUFFER_SIZE = 16921;
    private final NioEndpoint endpoint;
    protected ByteBuffer netInBuffer;
    protected ByteBuffer netOutBuffer;
    protected SSLEngine sslEngine;
    protected boolean sniComplete;
    protected boolean handshakeComplete;
    protected SSLEngineResult.HandshakeStatus handshakeStatus;
    protected boolean closed;
    protected boolean closing;
    private final Map<String, List<String>> additionalTlsAttributes;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.tomcat.util.net.SecureNioChannel$1, reason: invalid class name */
    /* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.80.jar:org/apache/tomcat/util/net/SecureNioChannel$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus;

        static {
            try {
                $SwitchMap$org$apache$tomcat$util$net$TLSClientHelloExtractor$ExtractorResult[TLSClientHelloExtractor.ExtractorResult.COMPLETE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$tomcat$util$net$TLSClientHelloExtractor$ExtractorResult[TLSClientHelloExtractor.ExtractorResult.NOT_PRESENT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$tomcat$util$net$TLSClientHelloExtractor$ExtractorResult[TLSClientHelloExtractor.ExtractorResult.NEED_READ.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$tomcat$util$net$TLSClientHelloExtractor$ExtractorResult[TLSClientHelloExtractor.ExtractorResult.UNDERFLOW.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$tomcat$util$net$TLSClientHelloExtractor$ExtractorResult[TLSClientHelloExtractor.ExtractorResult.NON_SECURE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 4;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 5;
            } catch (NoSuchFieldError e10) {
            }
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.80.jar:org/apache/tomcat/util/net/SecureNioChannel$OverflowState.class */
    private enum OverflowState {
        NONE,
        PROCESSING,
        DONE
    }

    public SecureNioChannel(SocketBufferHandler socketBufferHandler, NioEndpoint nioEndpoint) {
        super(socketBufferHandler);
        this.sniComplete = false;
        this.handshakeComplete = false;
        this.closed = false;
        this.closing = false;
        this.additionalTlsAttributes = new HashMap();
        if (nioEndpoint.getSocketProperties().getDirectSslBuffer()) {
            this.netInBuffer = ByteBuffer.allocateDirect(DEFAULT_NET_BUFFER_SIZE);
            this.netOutBuffer = ByteBuffer.allocateDirect(DEFAULT_NET_BUFFER_SIZE);
        } else {
            this.netInBuffer = ByteBuffer.allocate(DEFAULT_NET_BUFFER_SIZE);
            this.netOutBuffer = ByteBuffer.allocate(DEFAULT_NET_BUFFER_SIZE);
        }
        this.endpoint = nioEndpoint;
    }

    @Override // org.apache.tomcat.util.net.NioChannel
    public void reset(SocketChannel socketChannel, NioEndpoint.NioSocketWrapper nioSocketWrapper) throws IOException {
        super.reset(socketChannel, nioSocketWrapper);
        this.sslEngine = null;
        this.sniComplete = false;
        this.handshakeComplete = false;
        this.closed = false;
        this.closing = false;
        this.netInBuffer.clear();
    }

    @Override // org.apache.tomcat.util.net.NioChannel
    public void free() {
        super.free();
        if (this.endpoint.getSocketProperties().getDirectSslBuffer()) {
            ByteBufferUtils.cleanDirectBuffer(this.netInBuffer);
            ByteBufferUtils.cleanDirectBuffer(this.netOutBuffer);
        }
    }

    protected boolean flush(ByteBuffer byteBuffer) throws IOException {
        int remaining = byteBuffer.remaining();
        return remaining <= 0 || this.sc.write(byteBuffer) >= remaining;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:19:0x0044. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:33:0x0163  */
    /* JADX WARN: Removed duplicated region for block: B:40:0x0178 A[SYNTHETIC] */
    @Override // org.apache.tomcat.util.net.NioChannel
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public int handshake(boolean r10, boolean r11) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 455
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.tomcat.util.net.SecureNioChannel.handshake(boolean, boolean):int");
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:13:0x00a3. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:25:0x0140  */
    /* JADX WARN: Removed duplicated region for block: B:28:0x01b8  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private int processSNI() throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 562
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.tomcat.util.net.SecureNioChannel.processSNI():int");
    }

    public void rehandshake(long j) throws IOException {
        if (this.netInBuffer.position() > 0 && this.netInBuffer.position() < this.netInBuffer.limit()) {
            throw new IOException(sm.getString("channel.nio.ssl.netInputNotEmpty"));
        }
        if (this.netOutBuffer.position() > 0 && this.netOutBuffer.position() < this.netOutBuffer.limit()) {
            throw new IOException(sm.getString("channel.nio.ssl.netOutputNotEmpty"));
        }
        if (!getBufHandler().isReadBufferEmpty()) {
            throw new IOException(sm.getString("channel.nio.ssl.appInputNotEmpty"));
        }
        if (!getBufHandler().isWriteBufferEmpty()) {
            throw new IOException(sm.getString("channel.nio.ssl.appOutputNotEmpty"));
        }
        this.handshakeComplete = false;
        boolean z = false;
        boolean z2 = false;
        boolean z3 = true;
        Selector selector = null;
        SelectionKey selectionKey = null;
        try {
            try {
                this.sslEngine.beginHandshake();
                this.handshakeStatus = this.sslEngine.getHandshakeStatus();
                while (z3) {
                    int handshake = handshake(z, z2);
                    switch (handshake) {
                        case -1:
                            throw new EOFException(sm.getString("channel.nio.ssl.eofDuringHandshake"));
                        case 0:
                            z3 = false;
                            break;
                        default:
                            long currentTimeMillis = System.currentTimeMillis();
                            if (selector == null) {
                                selector = Selector.open();
                                selectionKey = getIOChannel().register(selector, handshake);
                            } else {
                                selectionKey.interestOps(handshake);
                            }
                            if (selector.select(j) == 0 && System.currentTimeMillis() - currentTimeMillis >= j) {
                                throw new SocketTimeoutException(sm.getString("channel.nio.ssl.timeoutDuringHandshake"));
                            }
                            z = selectionKey.isReadable();
                            z2 = selectionKey.isWritable();
                            break;
                    }
                }
                if (selectionKey != null) {
                    try {
                        selectionKey.cancel();
                    } catch (Exception e) {
                    }
                }
                if (selector != null) {
                    try {
                        selector.close();
                    } catch (Exception e2) {
                    }
                }
            } catch (IOException e3) {
                closeSilently();
                throw e3;
            } catch (Exception e4) {
                closeSilently();
                throw new IOException(e4);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    selectionKey.cancel();
                } catch (Exception e5) {
                }
            }
            if (0 != 0) {
                try {
                    selector.close();
                } catch (Exception e6) {
                }
            }
            throw th;
        }
    }

    protected SSLEngineResult.HandshakeStatus tasks() {
        while (true) {
            Runnable delegatedTask = this.sslEngine.getDelegatedTask();
            if (delegatedTask == null) {
                return this.sslEngine.getHandshakeStatus();
            }
            delegatedTask.run();
        }
    }

    protected SSLEngineResult handshakeWrap(boolean z) throws IOException {
        this.netOutBuffer.clear();
        getBufHandler().configureWriteBufferForRead();
        SSLEngineResult wrap = this.sslEngine.wrap(getBufHandler().getWriteBuffer(), this.netOutBuffer);
        this.netOutBuffer.flip();
        this.handshakeStatus = wrap.getHandshakeStatus();
        if (z) {
            flush(this.netOutBuffer);
        }
        return wrap;
    }

    protected SSLEngineResult handshakeUnwrap(boolean z) throws IOException {
        SSLEngineResult unwrap;
        if (this.netInBuffer.position() == this.netInBuffer.limit()) {
            this.netInBuffer.clear();
        }
        if (z && this.sc.read(this.netInBuffer) == -1) {
            throw new IOException(sm.getString("channel.nio.ssl.eofDuringHandshake"));
        }
        do {
            this.netInBuffer.flip();
            getBufHandler().configureReadBufferForWrite();
            unwrap = this.sslEngine.unwrap(this.netInBuffer, getBufHandler().getReadBuffer());
            this.netInBuffer.compact();
            this.handshakeStatus = unwrap.getHandshakeStatus();
            if (unwrap.getStatus() == SSLEngineResult.Status.OK && unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                this.handshakeStatus = tasks();
            }
        } while (unwrap.getStatus() == SSLEngineResult.Status.OK && this.handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP);
        return unwrap;
    }

    public SSLSupport getSSLSupport() {
        if (this.sslEngine == null) {
            return null;
        }
        return this.endpoint.getSslImplementation().getSSLSupport(this.sslEngine.getSession(), this.additionalTlsAttributes);
    }

    @Override // org.apache.tomcat.util.net.NioChannel, java.nio.channels.Channel, java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.closing) {
            return;
        }
        this.closing = true;
        if (this.sslEngine == null) {
            this.netOutBuffer.clear();
            this.closed = true;
            return;
        }
        this.sslEngine.closeOutbound();
        if (!flush(this.netOutBuffer)) {
            throw new IOException(sm.getString("channel.nio.ssl.remainingDataDuringClose"));
        }
        this.netOutBuffer.clear();
        SSLEngineResult wrap = this.sslEngine.wrap(getEmptyBuf(), this.netOutBuffer);
        if (wrap.getStatus() != SSLEngineResult.Status.CLOSED) {
            throw new IOException(sm.getString("channel.nio.ssl.invalidCloseState"));
        }
        this.netOutBuffer.flip();
        flush(this.netOutBuffer);
        this.closed = (this.netOutBuffer.hasRemaining() || wrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP) ? false : true;
    }

    @Override // org.apache.tomcat.util.net.NioChannel
    public void close(boolean z) throws IOException {
        try {
            close();
            if (z || this.closed) {
                this.closed = true;
                this.sc.close();
            }
        } catch (Throwable th) {
            if (z || this.closed) {
                this.closed = true;
                this.sc.close();
            }
            throw th;
        }
    }

    private void closeSilently() {
        try {
            close(true);
        } catch (IOException e) {
            log.debug(sm.getString("channel.nio.ssl.closeSilentError"), e);
        }
    }

    @Override // org.apache.tomcat.util.net.NioChannel, java.nio.channels.ReadableByteChannel
    public int read(ByteBuffer byteBuffer) throws IOException {
        if (this.closing || this.closed) {
            return -1;
        }
        if (!this.handshakeComplete) {
            throw new IllegalStateException(sm.getString("channel.nio.ssl.incompleteHandshake"));
        }
        if (this.sc.read(this.netInBuffer) == -1) {
            return -1;
        }
        int i = 0;
        do {
            this.netInBuffer.flip();
            SSLEngineResult unwrap = this.sslEngine.unwrap(this.netInBuffer, byteBuffer);
            this.netInBuffer.compact();
            if (unwrap.getStatus() == SSLEngineResult.Status.OK || unwrap.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                i += unwrap.bytesProduced();
                if (unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                    tasks();
                }
                if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                    break;
                }
            } else if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                if (i > 0) {
                    break;
                }
                if (byteBuffer == getBufHandler().getReadBuffer()) {
                    getBufHandler().expand(this.sslEngine.getSession().getApplicationBufferSize());
                    byteBuffer = getBufHandler().getReadBuffer();
                } else {
                    if (getAppReadBufHandler() == null || byteBuffer != getAppReadBufHandler().getByteBuffer()) {
                        throw new IOException(sm.getString("channel.nio.ssl.unwrapFailResize", unwrap.getStatus()));
                    }
                    getAppReadBufHandler().expand(this.sslEngine.getSession().getApplicationBufferSize());
                    byteBuffer = getAppReadBufHandler().getByteBuffer();
                }
            } else if (unwrap.getStatus() != SSLEngineResult.Status.CLOSED || this.netInBuffer.position() != 0 || i <= 0) {
                throw new IOException(sm.getString("channel.nio.ssl.unwrapFail", unwrap.getStatus()));
            }
        } while (this.netInBuffer.position() != 0);
        return i;
    }

    @Override // org.apache.tomcat.util.net.NioChannel, java.nio.channels.ScatteringByteChannel
    public long read(ByteBuffer[] byteBufferArr, int i, int i2) throws IOException {
        if (this.closing || this.closed) {
            return -1L;
        }
        if (!this.handshakeComplete) {
            throw new IllegalStateException(sm.getString("channel.nio.ssl.incompleteHandshake"));
        }
        if (this.sc.read(this.netInBuffer) == -1) {
            return -1L;
        }
        int i3 = 0;
        OverflowState overflowState = OverflowState.NONE;
        do {
            if (overflowState == OverflowState.PROCESSING) {
                overflowState = OverflowState.DONE;
            }
            this.netInBuffer.flip();
            SSLEngineResult unwrap = this.sslEngine.unwrap(this.netInBuffer, byteBufferArr, i, i2);
            this.netInBuffer.compact();
            if (unwrap.getStatus() == SSLEngineResult.Status.OK || unwrap.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                i3 += unwrap.bytesProduced();
                if (overflowState == OverflowState.DONE) {
                    i3 -= getBufHandler().getReadBuffer().position();
                }
                if (unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                    tasks();
                }
                if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                    break;
                }
                if (this.netInBuffer.position() != 0 && overflowState != OverflowState.PROCESSING) {
                    break;
                }
            } else {
                if (unwrap.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    throw new IOException(sm.getString("channel.nio.ssl.unwrapFail", unwrap.getStatus()));
                }
                if (i3 > 0) {
                    break;
                }
                ByteBuffer readBuffer = getBufHandler().getReadBuffer();
                boolean z = false;
                boolean z2 = true;
                for (int i4 = 0; i4 < i2; i4++) {
                    if (byteBufferArr[i + i4] == getBufHandler().getReadBuffer()) {
                        getBufHandler().expand(this.sslEngine.getSession().getApplicationBufferSize());
                        if (byteBufferArr[i + i4] == getBufHandler().getReadBuffer()) {
                            z2 = false;
                        }
                        byteBufferArr[i + i4] = getBufHandler().getReadBuffer();
                        z = true;
                    } else if (getAppReadBufHandler() != null && byteBufferArr[i + i4] == getAppReadBufHandler().getByteBuffer()) {
                        getAppReadBufHandler().expand(this.sslEngine.getSession().getApplicationBufferSize());
                        if (byteBufferArr[i + i4] == getAppReadBufHandler().getByteBuffer()) {
                            z2 = false;
                        }
                        byteBufferArr[i + i4] = getAppReadBufHandler().getByteBuffer();
                        z = true;
                    }
                }
                if (!z) {
                    ByteBuffer[] byteBufferArr2 = new ByteBuffer[byteBufferArr.length + 1];
                    int i5 = 0;
                    for (int i6 = 0; i6 < byteBufferArr.length + 1; i6++) {
                        if (i6 == i + i2) {
                            byteBufferArr2[i6] = readBuffer;
                            i5 = -1;
                        } else {
                            byteBufferArr2[i6] = byteBufferArr[i6 + i5];
                        }
                    }
                    byteBufferArr = byteBufferArr2;
                    i2++;
                    getBufHandler().configureReadBufferForWrite();
                    overflowState = OverflowState.PROCESSING;
                } else if (!z2) {
                    throw new IOException(sm.getString("channel.nio.ssl.unwrapFail", unwrap.getStatus()));
                }
                if (this.netInBuffer.position() != 0) {
                }
            }
        } while (overflowState != OverflowState.DONE);
        return i3;
    }

    @Override // org.apache.tomcat.util.net.NioChannel, java.nio.channels.WritableByteChannel
    public int write(ByteBuffer byteBuffer) throws IOException {
        checkInterruptStatus();
        if (byteBuffer == this.netOutBuffer) {
            return this.sc.write(byteBuffer);
        }
        if (this.closing || this.closed) {
            throw new IOException(sm.getString("channel.nio.ssl.closing"));
        }
        if (!flush(this.netOutBuffer) || !byteBuffer.hasRemaining()) {
            return 0;
        }
        this.netOutBuffer.clear();
        SSLEngineResult wrap = this.sslEngine.wrap(byteBuffer, this.netOutBuffer);
        int bytesConsumed = wrap.bytesConsumed();
        this.netOutBuffer.flip();
        if (wrap.getStatus() != SSLEngineResult.Status.OK) {
            throw new IOException(sm.getString("channel.nio.ssl.wrapFail", wrap.getStatus()));
        }
        if (wrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
            tasks();
        }
        flush(this.netOutBuffer);
        return bytesConsumed;
    }

    @Override // org.apache.tomcat.util.net.NioChannel, java.nio.channels.GatheringByteChannel
    public long write(ByteBuffer[] byteBufferArr, int i, int i2) throws IOException {
        checkInterruptStatus();
        if (this.closing || this.closed) {
            throw new IOException(sm.getString("channel.nio.ssl.closing"));
        }
        if (!flush(this.netOutBuffer)) {
            return 0L;
        }
        this.netOutBuffer.clear();
        SSLEngineResult wrap = this.sslEngine.wrap(byteBufferArr, i, i2, this.netOutBuffer);
        int bytesConsumed = wrap.bytesConsumed();
        this.netOutBuffer.flip();
        if (wrap.getStatus() != SSLEngineResult.Status.OK) {
            throw new IOException(sm.getString("channel.nio.ssl.wrapFail", wrap.getStatus()));
        }
        if (wrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
            tasks();
        }
        flush(this.netOutBuffer);
        return bytesConsumed;
    }

    @Override // org.apache.tomcat.util.net.NioChannel
    public int getOutboundRemaining() {
        return this.netOutBuffer.remaining();
    }

    @Override // org.apache.tomcat.util.net.NioChannel
    public boolean flushOutbound() throws IOException {
        int remaining = this.netOutBuffer.remaining();
        flush(this.netOutBuffer);
        return this.netOutBuffer.remaining() < remaining;
    }

    @Override // org.apache.tomcat.util.net.NioChannel
    public boolean isHandshakeComplete() {
        return this.handshakeComplete;
    }

    @Override // org.apache.tomcat.util.net.NioChannel
    public boolean isClosing() {
        return this.closing;
    }

    public SSLEngine getSslEngine() {
        return this.sslEngine;
    }

    public ByteBuffer getEmptyBuf() {
        return emptyBuf;
    }
}
