package org.apache.ignite.internal.util.nio.ssl;

import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.LinkedList;
import java.util.Queue;
import java.util.concurrent.locks.ReentrantLock;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.IgniteLogger;
import org.apache.ignite.internal.util.nio.GridNioEmbeddedFuture;
import org.apache.ignite.internal.util.nio.GridNioFuture;
import org.apache.ignite.internal.util.nio.GridNioFutureImpl;
import org.apache.ignite.internal.util.nio.GridNioSession;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.lang.IgniteInClosure;
import ru.cft.platform.core.runtime.util.StringLibrary;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/ignite/internal/util/nio/ssl/GridNioSslHandler.class */
public class GridNioSslHandler extends ReentrantLock {
    private static final long serialVersionUID = 0;
    private IgniteLogger log;
    private SSLEngine sslEngine;
    private ByteOrder order;
    private boolean directBuf;
    private GridNioSession ses;
    private boolean handshakeFinished;
    private boolean initHandshakeComplete;
    private SSLEngineResult.HandshakeStatus handshakeStatus;
    private ByteBuffer outNetBuf;
    private ByteBuffer inNetBuf;
    private ByteBuffer appBuf;
    private GridNioSslFilter parent;
    static final /* synthetic */ boolean $assertionsDisabled;
    private ByteBuffer handshakeBuf = ByteBuffer.allocate(0);
    private Queue<WriteRequest> deferredWriteQueue = new LinkedList();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.ignite.internal.util.nio.ssl.GridNioSslHandler$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/ignite/internal/util/nio/ssl/GridNioSslHandler$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ignite/internal/util/nio/ssl/GridNioSslHandler$WriteRequest.class */
    public static class WriteRequest {
        private final GridNioEmbeddedFuture<Object> fut;
        private final ByteBuffer buf;
        private final IgniteInClosure<IgniteException> ackC;

        private WriteRequest(GridNioEmbeddedFuture<Object> gridNioEmbeddedFuture, ByteBuffer byteBuffer, IgniteInClosure<IgniteException> igniteInClosure) {
            this.fut = gridNioEmbeddedFuture;
            this.buf = byteBuffer;
            this.ackC = igniteInClosure;
        }

        public GridNioEmbeddedFuture<Object> future() {
            return this.fut;
        }

        public ByteBuffer buffer() {
            return this.buf;
        }

        /* synthetic */ WriteRequest(GridNioEmbeddedFuture gridNioEmbeddedFuture, ByteBuffer byteBuffer, IgniteInClosure igniteInClosure, AnonymousClass1 anonymousClass1) {
            this(gridNioEmbeddedFuture, byteBuffer, igniteInClosure);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GridNioSslHandler(GridNioSslFilter gridNioSslFilter, GridNioSession gridNioSession, SSLEngine sSLEngine, boolean z, ByteOrder byteOrder, IgniteLogger igniteLogger, boolean z2, ByteBuffer byteBuffer) throws SSLException {
        if (!$assertionsDisabled && gridNioSslFilter == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && gridNioSession == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && sSLEngine == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && igniteLogger == null) {
            throw new AssertionError();
        }
        this.parent = gridNioSslFilter;
        this.ses = gridNioSession;
        this.order = byteOrder;
        this.directBuf = z;
        this.log = igniteLogger;
        this.sslEngine = sSLEngine;
        if (z2) {
            this.sslEngine.beginHandshake();
        } else {
            this.handshakeFinished = true;
            this.initHandshakeComplete = true;
        }
        this.handshakeStatus = this.sslEngine.getHandshakeStatus();
        int packetBufferSize = this.sslEngine.getSession().getPacketBufferSize() + 50;
        this.outNetBuf = z ? ByteBuffer.allocateDirect(packetBufferSize) : ByteBuffer.allocate(packetBufferSize);
        this.outNetBuf.order(byteOrder);
        this.inNetBuf = z ? ByteBuffer.allocateDirect(packetBufferSize) : ByteBuffer.allocate(packetBufferSize);
        this.inNetBuf.order(byteOrder);
        if (byteBuffer != null) {
            byteBuffer.flip();
            this.inNetBuf.put(byteBuffer);
        }
        this.outNetBuf.position(0);
        this.outNetBuf.limit(0);
        int max = Math.max(this.sslEngine.getSession().getApplicationBufferSize() + 50, packetBufferSize * 2);
        this.appBuf = z ? ByteBuffer.allocateDirect(max) : ByteBuffer.allocate(max);
        this.appBuf.order(byteOrder);
        if (igniteLogger.isDebugEnabled()) {
            igniteLogger.debug("Started SSL session [netBufSize=" + packetBufferSize + ", appBufSize=" + max + ']');
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ByteBuffer getApplicationBuffer() {
        return this.appBuf;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void shutdown() {
        try {
            this.sslEngine.closeInbound();
        } catch (SSLException e) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Unable to correctly close inbound data stream (will ignore) [msg=" + e.getMessage() + ", ses=" + this.ses + ']');
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handshake() throws IgniteCheckedException, SSLException {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Entered handshake(): [handshakeStatus=" + this.handshakeStatus + ", ses=" + this.ses + ']');
        }
        lock();
        boolean z = true;
        while (z) {
            try {
                switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.handshakeStatus.ordinal()]) {
                    case 1:
                    case 2:
                        SSLSession session = this.sslEngine.getSession();
                        if (this.log.isDebugEnabled()) {
                            this.log.debug("Finished ssl handshake [protocol=" + session.getProtocol() + ", cipherSuite=" + session.getCipherSuite() + ", ses=" + this.ses + ']');
                        }
                        this.handshakeFinished = true;
                        if (!this.initHandshakeComplete) {
                            this.initHandshakeComplete = true;
                            GridNioFutureImpl gridNioFutureImpl = (GridNioFutureImpl) this.ses.removeMeta(GridNioSslFilter.HANDSHAKE_FUT_META_KEY);
                            if (gridNioFutureImpl != null) {
                                gridNioFutureImpl.onDone();
                            }
                            this.parent.proceedSessionOpened(this.ses);
                        }
                        z = false;
                        break;
                    case 3:
                        if (this.log.isDebugEnabled()) {
                            this.log.debug("Need to run ssl tasks: " + this.ses);
                        }
                        this.handshakeStatus = runTasks();
                        break;
                    case 4:
                        if (this.log.isDebugEnabled()) {
                            this.log.debug("Need to unwrap incoming data: " + this.ses);
                        }
                        if ((unwrapHandshake() == SSLEngineResult.Status.BUFFER_UNDERFLOW && this.handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED) || this.sslEngine.isInboundDone()) {
                            z = false;
                            break;
                        } else {
                            break;
                        }
                    case 5:
                        if (this.outNetBuf.hasRemaining()) {
                            U.warn(this.log, "Output net buffer has unsent bytes during handshake (will clear): " + this.ses);
                        }
                        this.outNetBuf.clear();
                        SSLEngineResult wrap = this.sslEngine.wrap(this.handshakeBuf, this.outNetBuf);
                        this.outNetBuf.flip();
                        this.handshakeStatus = wrap.getHandshakeStatus();
                        if (this.log.isDebugEnabled()) {
                            this.log.debug("Wrapped handshake data [status=" + wrap.getStatus() + ", handshakeStatus=" + this.handshakeStatus + ", ses=" + this.ses + ']');
                        }
                        writeNetBuffer(null);
                        break;
                    default:
                        throw new IllegalStateException("Invalid handshake status in handshake method [handshakeStatus=" + this.handshakeStatus + ", ses=" + this.ses + ']');
                }
            } finally {
                unlock();
            }
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Leaved handshake(): [handshakeStatus=" + this.handshakeStatus + ", ses=" + this.ses + ']');
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void messageReceived(ByteBuffer byteBuffer) throws IgniteCheckedException, SSLException {
        if (byteBuffer.limit() > this.inNetBuf.remaining()) {
            this.inNetBuf = expandBuffer(this.inNetBuf, this.inNetBuf.capacity() + (byteBuffer.limit() * 2));
            this.appBuf = expandBuffer(this.appBuf, this.inNetBuf.capacity() * 2);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Expanded buffers [inNetBufCapacity=" + this.inNetBuf.capacity() + ", appBufCapacity=" + this.appBuf.capacity() + ", ses=" + this.ses + StringLibrary.COMMA_SPACE);
            }
        }
        this.inNetBuf.put(byteBuffer);
        if (this.handshakeFinished) {
            unwrapData();
        } else {
            handshake();
        }
        if (isInboundDone()) {
            int position = byteBuffer.position() - this.inNetBuf.position();
            if (position >= 0) {
                byteBuffer.position(position);
                if (byteBuffer.hasRemaining()) {
                    U.warn(this.log, "Got unread bytes after receiving close_notify message (will ignore): " + this.ses);
                }
            }
            this.inNetBuf.clear();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ByteBuffer encrypt(ByteBuffer byteBuffer) throws SSLException {
        if (!$assertionsDisabled && !this.handshakeFinished) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && !isHeldByCurrentThread()) {
            throw new AssertionError();
        }
        this.outNetBuf.clear();
        while (byteBuffer.hasRemaining()) {
            if (this.outNetBuf.capacity() - this.outNetBuf.position() < byteBuffer.remaining() * 2) {
                this.outNetBuf = expandBuffer(this.outNetBuf, Math.max(this.outNetBuf.position() + (byteBuffer.remaining() * 2), this.outNetBuf.capacity() * 2));
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Expanded output net buffer [outNetBufCapacity=" + this.outNetBuf.capacity() + ", ses=" + this.ses + ']');
                }
            }
            SSLEngineResult wrap = this.sslEngine.wrap(byteBuffer, this.outNetBuf);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Encrypted data [status=" + wrap.getStatus() + ", handshakeStaus=" + wrap.getHandshakeStatus() + ", ses=" + this.ses + ']');
            }
            if (wrap.getStatus() != SSLEngineResult.Status.OK) {
                throw new SSLException("Failed to encrypt data (SSL engine error) [status=" + wrap.getStatus() + ", handshakeStatus=" + wrap.getHandshakeStatus() + ", ses=" + this.ses + ']');
            }
            if (wrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                runTasks();
            }
        }
        this.outNetBuf.flip();
        return this.outNetBuf;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isHandshakeFinished() {
        return this.handshakeFinished;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isInboundDone() {
        return this.sslEngine.isInboundDone();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isOutboundDone() {
        return this.sslEngine.isOutboundDone();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GridNioFuture<?> deferredWrite(ByteBuffer byteBuffer, IgniteInClosure<IgniteException> igniteInClosure) {
        if (!$assertionsDisabled && !isHeldByCurrentThread()) {
            throw new AssertionError();
        }
        GridNioEmbeddedFuture gridNioEmbeddedFuture = new GridNioEmbeddedFuture();
        this.deferredWriteQueue.offer(new WriteRequest(gridNioEmbeddedFuture, copy(byteBuffer), igniteInClosure, null));
        return gridNioEmbeddedFuture;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void flushDeferredWrites() throws IgniteCheckedException {
        if (!$assertionsDisabled && !isHeldByCurrentThread()) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && !this.handshakeFinished) {
            throw new AssertionError();
        }
        while (!this.deferredWriteQueue.isEmpty()) {
            WriteRequest poll = this.deferredWriteQueue.poll();
            poll.future().onDone((GridNioFuture<Object>) this.parent.proceedSessionWrite(this.ses, poll.buffer(), true, poll.ackC));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean closeOutbound() throws SSLException {
        if (!$assertionsDisabled && !isHeldByCurrentThread()) {
            throw new AssertionError();
        }
        if (this.sslEngine.isOutboundDone()) {
            return false;
        }
        this.sslEngine.closeOutbound();
        this.outNetBuf.clear();
        SSLEngineResult wrap = this.sslEngine.wrap(this.handshakeBuf, this.outNetBuf);
        if (wrap.getStatus() != SSLEngineResult.Status.CLOSED) {
            throw new SSLException("Incorrect SSL engine status after closeOutbound call [status=" + wrap.getStatus() + ", handshakeStatus=" + wrap.getHandshakeStatus() + ", ses=" + this.ses + ']');
        }
        this.outNetBuf.flip();
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GridNioFuture<?> writeNetBuffer(IgniteInClosure<IgniteException> igniteInClosure) throws IgniteCheckedException {
        if (!$assertionsDisabled && !isHeldByCurrentThread()) {
            throw new AssertionError();
        }
        return this.parent.proceedSessionWrite(this.ses, copy(this.outNetBuf), true, igniteInClosure);
    }

    private void unwrapData() throws IgniteCheckedException, SSLException {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Unwrapping received data: " + this.ses);
        }
        this.inNetBuf.flip();
        SSLEngineResult unwrap0 = unwrap0();
        this.inNetBuf.compact();
        checkStatus(unwrap0);
        renegotiateIfNeeded(unwrap0);
    }

    private SSLEngineResult.Status unwrapHandshake() throws SSLException, IgniteCheckedException {
        this.inNetBuf.flip();
        SSLEngineResult unwrap0 = unwrap0();
        this.handshakeStatus = unwrap0.getHandshakeStatus();
        checkStatus(unwrap0);
        if (this.handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED && unwrap0.getStatus() == SSLEngineResult.Status.OK && this.inNetBuf.hasRemaining()) {
            unwrap0 = unwrap0();
            this.handshakeStatus = unwrap0.getHandshakeStatus();
            this.inNetBuf.compact();
            renegotiateIfNeeded(unwrap0);
        } else {
            this.inNetBuf.compact();
        }
        return unwrap0.getStatus();
    }

    private void renegotiateIfNeeded(SSLEngineResult sSLEngineResult) throws IgniteCheckedException, SSLException {
        if (sSLEngineResult.getStatus() == SSLEngineResult.Status.CLOSED || sSLEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || sSLEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
            return;
        }
        this.handshakeStatus = sSLEngineResult.getHandshakeStatus();
        if (this.log.isDebugEnabled()) {
            this.log.debug("Renegotiation requested [status=" + sSLEngineResult.getStatus() + ", handshakeStatus = " + this.handshakeStatus + "ses=" + this.ses + ']');
        }
        this.handshakeFinished = false;
        handshake();
    }

    private void checkStatus(SSLEngineResult sSLEngineResult) throws SSLException {
        SSLEngineResult.Status status = sSLEngineResult.getStatus();
        if (status != SSLEngineResult.Status.OK && status != SSLEngineResult.Status.CLOSED && status != SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            throw new SSLException("Failed to unwrap incoming data (SSL engine error) [ses" + this.ses + ", status=" + status + ']');
        }
    }

    private SSLEngineResult unwrap0() throws SSLException {
        SSLEngineResult unwrap;
        while (true) {
            unwrap = this.sslEngine.unwrap(this.inNetBuf, this.appBuf);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Unwrapped raw data [status=" + unwrap.getStatus() + ", handshakeStatus=" + unwrap.getHandshakeStatus() + ", ses=" + this.ses + ']');
            }
            if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                this.appBuf = expandBuffer(this.appBuf, this.appBuf.capacity() * 2);
            }
            if ((unwrap.getStatus() == SSLEngineResult.Status.OK || unwrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) && (this.handshakeFinished || unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP)) {
            }
        }
        return unwrap;
    }

    private SSLEngineResult.HandshakeStatus runTasks() {
        while (true) {
            Runnable delegatedTask = this.sslEngine.getDelegatedTask();
            if (delegatedTask == null) {
                break;
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("Running SSL engine task [task=" + delegatedTask + ", ses=" + this.ses + ']');
            }
            delegatedTask.run();
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Finished running SSL engine tasks [handshakeStatus=" + this.sslEngine.getHandshakeStatus() + ", ses=" + this.ses + ']');
        }
        return this.sslEngine.getHandshakeStatus();
    }

    private ByteBuffer expandBuffer(ByteBuffer byteBuffer, int i) {
        ByteBuffer allocateDirect = this.directBuf ? ByteBuffer.allocateDirect(i) : ByteBuffer.allocate(i);
        allocateDirect.order(this.order);
        byteBuffer.flip();
        allocateDirect.put(byteBuffer);
        return allocateDirect;
    }

    private ByteBuffer copy(ByteBuffer byteBuffer) {
        ByteBuffer allocateDirect = this.directBuf ? ByteBuffer.allocateDirect(byteBuffer.remaining()) : ByteBuffer.allocate(byteBuffer.remaining());
        allocateDirect.order(this.order);
        allocateDirect.put(byteBuffer);
        allocateDirect.flip();
        return allocateDirect;
    }

    static {
        $assertionsDisabled = !GridNioSslHandler.class.desiredAssertionStatus();
    }
}
