package org.apache.tomcat.util.net;

import java.io.IOException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.http.parser.HttpParser;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
import org.apache.tomcat.util.res.StringManager;
import org.hsqldb.Tokens;

/* loaded from: input_file:WEB-INF/lib/tomcat-embed-core-9.0.54.jar:org/apache/tomcat/util/net/TLSClientHelloExtractor.class */
public class TLSClientHelloExtractor {
    private final ExtractorResult result;
    private final List<Cipher> clientRequestedCiphers;
    private final List<String> clientRequestedCipherNames;
    private final String sniValue;
    private final List<String> clientRequestedApplicationProtocols;
    private final List<String> clientRequestedProtocols;
    private static final int TLS_RECORD_HEADER_LEN = 5;
    private static final int TLS_EXTENSION_SERVER_NAME = 0;
    private static final int TLS_EXTENSION_ALPN = 16;
    private static final int TLS_EXTENSION_SUPPORTED_VERSION = 43;
    private static final Log log = LogFactory.getLog((Class<?>) TLSClientHelloExtractor.class);
    private static final StringManager sm = StringManager.getManager((Class<?>) TLSClientHelloExtractor.class);
    public static byte[] USE_TLS_RESPONSE = "HTTP/1.1 400 \r\nContent-Type: text/plain;charset=UTF-8\r\nConnection: close\r\n\r\nBad Request\r\nThis combination of host and port requires TLS.\r\n".getBytes(StandardCharsets.UTF_8);

    /* loaded from: input_file:WEB-INF/lib/tomcat-embed-core-9.0.54.jar:org/apache/tomcat/util/net/TLSClientHelloExtractor$ExtractorResult.class */
    public enum ExtractorResult {
        COMPLETE,
        NOT_PRESENT,
        UNDERFLOW,
        NEED_READ,
        NON_SECURE
    }

    public TLSClientHelloExtractor(ByteBuffer byteBuffer) throws IOException {
        int position = byteBuffer.position();
        int limit = byteBuffer.limit();
        ExtractorResult extractorResult = ExtractorResult.NOT_PRESENT;
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        String str = null;
        try {
            try {
                byteBuffer.flip();
                if (!isAvailable(byteBuffer, 5)) {
                    this.result = handleIncompleteRead(byteBuffer);
                    this.clientRequestedCiphers = arrayList;
                    this.clientRequestedCipherNames = arrayList2;
                    this.clientRequestedApplicationProtocols = arrayList3;
                    this.sniValue = null;
                    this.clientRequestedProtocols = arrayList4;
                    byteBuffer.limit(limit);
                    byteBuffer.position(position);
                    return;
                }
                if (!isTLSHandshake(byteBuffer)) {
                    this.result = isHttp(byteBuffer) ? ExtractorResult.NON_SECURE : extractorResult;
                    this.clientRequestedCiphers = arrayList;
                    this.clientRequestedCipherNames = arrayList2;
                    this.clientRequestedApplicationProtocols = arrayList3;
                    this.sniValue = null;
                    this.clientRequestedProtocols = arrayList4;
                    byteBuffer.limit(limit);
                    byteBuffer.position(position);
                    return;
                }
                if (!isAllRecordAvailable(byteBuffer)) {
                    this.result = handleIncompleteRead(byteBuffer);
                    this.clientRequestedCiphers = arrayList;
                    this.clientRequestedCipherNames = arrayList2;
                    this.clientRequestedApplicationProtocols = arrayList3;
                    this.sniValue = null;
                    this.clientRequestedProtocols = arrayList4;
                    byteBuffer.limit(limit);
                    byteBuffer.position(position);
                    return;
                }
                if (isClientHello(byteBuffer)) {
                    if (!isAllClientHelloAvailable(byteBuffer)) {
                        log.warn(sm.getString("sniExtractor.clientHelloTooBig"));
                        this.result = extractorResult;
                        this.clientRequestedCiphers = arrayList;
                        this.clientRequestedCipherNames = arrayList2;
                        this.clientRequestedApplicationProtocols = arrayList3;
                        this.sniValue = null;
                        this.clientRequestedProtocols = arrayList4;
                        byteBuffer.limit(limit);
                        byteBuffer.position(position);
                        return;
                    }
                    String readProtocol = readProtocol(byteBuffer);
                    skipBytes(byteBuffer, 32);
                    skipBytes(byteBuffer, byteBuffer.get() & 255);
                    int i = byteBuffer.getChar() / 2;
                    for (int i2 = 0; i2 < i; i2++) {
                        char c = byteBuffer.getChar();
                        Cipher valueOf = Cipher.valueOf(c);
                        if (valueOf == null) {
                            arrayList2.add("Unknown(0x" + HexUtils.toHexString(c) + Tokens.T_CLOSEBRACKET);
                        } else {
                            arrayList.add(valueOf);
                            arrayList2.add(valueOf.name());
                        }
                    }
                    skipBytes(byteBuffer, byteBuffer.get() & 255);
                    if (!byteBuffer.hasRemaining()) {
                        this.result = extractorResult;
                        this.clientRequestedCiphers = arrayList;
                        this.clientRequestedCipherNames = arrayList2;
                        this.clientRequestedApplicationProtocols = arrayList3;
                        this.sniValue = null;
                        this.clientRequestedProtocols = arrayList4;
                        byteBuffer.limit(limit);
                        byteBuffer.position(position);
                        return;
                    }
                    skipBytes(byteBuffer, 2);
                    while (byteBuffer.hasRemaining() && (str == null || arrayList3.isEmpty() || arrayList4.isEmpty())) {
                        char c2 = byteBuffer.getChar();
                        char c3 = byteBuffer.getChar();
                        switch (c2) {
                            case 0:
                                str = readSniExtension(byteBuffer);
                                break;
                            case 16:
                                readAlpnExtension(byteBuffer, arrayList3);
                                break;
                            case '+':
                                readSupportedVersions(byteBuffer, arrayList4);
                                break;
                            default:
                                skipBytes(byteBuffer, c3);
                                break;
                        }
                    }
                    if (arrayList4.isEmpty()) {
                        arrayList4.add(readProtocol);
                    }
                    this.result = ExtractorResult.COMPLETE;
                    this.clientRequestedCiphers = arrayList;
                    this.clientRequestedCipherNames = arrayList2;
                    this.clientRequestedApplicationProtocols = arrayList3;
                    this.sniValue = str;
                    this.clientRequestedProtocols = arrayList4;
                    byteBuffer.limit(limit);
                    byteBuffer.position(position);
                }
            } catch (IllegalArgumentException | BufferUnderflowException e) {
                throw new IOException(sm.getString("sniExtractor.clientHelloInvalid"), e);
            }
        } finally {
            this.result = extractorResult;
            this.clientRequestedCiphers = arrayList;
            this.clientRequestedCipherNames = arrayList2;
            this.clientRequestedApplicationProtocols = arrayList3;
            this.sniValue = null;
            this.clientRequestedProtocols = arrayList4;
            byteBuffer.limit(limit);
            byteBuffer.position(position);
        }
    }

    public ExtractorResult getResult() {
        return this.result;
    }

    public String getSNIValue() {
        if (this.result == ExtractorResult.COMPLETE) {
            return this.sniValue;
        }
        throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
    }

    public List<Cipher> getClientRequestedCiphers() {
        if (this.result == ExtractorResult.COMPLETE || this.result == ExtractorResult.NOT_PRESENT) {
            return this.clientRequestedCiphers;
        }
        throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
    }

    public List<String> getClientRequestedCipherNames() {
        if (this.result == ExtractorResult.COMPLETE || this.result == ExtractorResult.NOT_PRESENT) {
            return this.clientRequestedCipherNames;
        }
        throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
    }

    public List<String> getClientRequestedApplicationProtocols() {
        if (this.result == ExtractorResult.COMPLETE || this.result == ExtractorResult.NOT_PRESENT) {
            return this.clientRequestedApplicationProtocols;
        }
        throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
    }

    public List<String> getClientRequestedProtocols() {
        if (this.result == ExtractorResult.COMPLETE || this.result == ExtractorResult.NOT_PRESENT) {
            return this.clientRequestedProtocols;
        }
        throw new IllegalStateException(sm.getString("sniExtractor.tooEarly"));
    }

    private static ExtractorResult handleIncompleteRead(ByteBuffer byteBuffer) {
        return byteBuffer.limit() == byteBuffer.capacity() ? ExtractorResult.UNDERFLOW : ExtractorResult.NEED_READ;
    }

    private static boolean isAvailable(ByteBuffer byteBuffer, int i) {
        if (byteBuffer.remaining() >= i) {
            return true;
        }
        byteBuffer.position(byteBuffer.limit());
        return false;
    }

    private static boolean isTLSHandshake(ByteBuffer byteBuffer) {
        if (byteBuffer.get() != 22) {
            return false;
        }
        byte b = byteBuffer.get();
        byte b2 = byteBuffer.get();
        if (b >= 3) {
            return (b == 3 && b2 == 0) ? false : true;
        }
        return false;
    }

    private static boolean isHttp(ByteBuffer byteBuffer) {
        byteBuffer.position(0);
        while (byteBuffer.hasRemaining()) {
            byte b = byteBuffer.get();
            if (b != 13 && b != 10) {
                while (HttpParser.isToken(b) && byteBuffer.hasRemaining()) {
                    b = byteBuffer.get();
                    if (b == 32 || b == 9) {
                        while (true) {
                            if (b != 32 && b != 9) {
                                while (b != 32 && b != 9) {
                                    if (HttpParser.isNotRequestTarget(b) || !byteBuffer.hasRemaining()) {
                                        return false;
                                    }
                                    b = byteBuffer.get();
                                }
                                while (true) {
                                    if (b != 32 && b != 9) {
                                        while (HttpParser.isHttpProtocol(b) && byteBuffer.hasRemaining()) {
                                            b = byteBuffer.get();
                                            if (b == 13 || b == 10) {
                                                return true;
                                            }
                                        }
                                        return false;
                                    }
                                    if (!byteBuffer.hasRemaining()) {
                                        return false;
                                    }
                                    b = byteBuffer.get();
                                }
                            } else {
                                if (!byteBuffer.hasRemaining()) {
                                    return false;
                                }
                                b = byteBuffer.get();
                            }
                        }
                    }
                }
                return false;
            }
        }
        return false;
    }

    private static boolean isAllRecordAvailable(ByteBuffer byteBuffer) {
        return isAvailable(byteBuffer, byteBuffer.getChar());
    }

    private static boolean isClientHello(ByteBuffer byteBuffer) {
        return byteBuffer.get() == 1;
    }

    private static boolean isAllClientHelloAvailable(ByteBuffer byteBuffer) {
        return isAvailable(byteBuffer, ((byteBuffer.get() & 255) << 16) + ((byteBuffer.get() & 255) << 8) + (byteBuffer.get() & 255));
    }

    private static void skipBytes(ByteBuffer byteBuffer, int i) {
        byteBuffer.position(byteBuffer.position() + i);
    }

    private static String readProtocol(ByteBuffer byteBuffer) {
        char c = byteBuffer.getChar();
        switch (c) {
            case 768:
                return Constants.SSL_PROTO_SSLv3;
            case 769:
                return Constants.SSL_PROTO_TLSv1_0;
            case 770:
                return Constants.SSL_PROTO_TLSv1_1;
            case 771:
                return Constants.SSL_PROTO_TLSv1_2;
            case 772:
                return Constants.SSL_PROTO_TLSv1_3;
            default:
                return "Unknown(0x" + HexUtils.toHexString(c) + Tokens.T_CLOSEBRACKET;
        }
    }

    private static String readSniExtension(ByteBuffer byteBuffer) {
        skipBytes(byteBuffer, 3);
        byte[] bArr = new byte[byteBuffer.getChar()];
        byteBuffer.get(bArr);
        return new String(bArr, StandardCharsets.UTF_8).toLowerCase(Locale.ENGLISH);
    }

    private static void readAlpnExtension(ByteBuffer byteBuffer, List<String> list) {
        char c = byteBuffer.getChar();
        byte[] bArr = new byte[255];
        while (c > 0) {
            int i = byteBuffer.get() & 255;
            byteBuffer.get(bArr, 0, i);
            list.add(new String(bArr, 0, i, StandardCharsets.UTF_8));
            c = (char) (((char) (c - 1)) - i);
        }
    }

    private static void readSupportedVersions(ByteBuffer byteBuffer, List<String> list) {
        int i = (byteBuffer.get() & 255) / 2;
        for (int i2 = 0; i2 < i; i2++) {
            list.add(readProtocol(byteBuffer));
        }
    }
}
