package com.sun.grizzly.filter;

import com.sun.grizzly.Context;
import com.sun.grizzly.Controller;
import com.sun.grizzly.ProtocolFilter;
import com.sun.grizzly.util.SSLUtils;
import com.sun.grizzly.util.WorkerThreadImpl;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;

/* loaded from: input_file:com/sun/grizzly/filter/SSLReadFilter.class */
public class SSLReadFilter implements ProtocolFilter {
    public static final String HANDSHAKE = "handshake";
    protected SSLContext sslContext;
    public static final String EXPIRE_TIME = "expireTime";
    private String[] enabledCipherSuites = null;
    private String[] enabledProtocols = null;
    private boolean clientMode = false;
    private boolean needClientAuth = false;
    private boolean wantClientAuth = false;
    private boolean isProtocolConfigured = false;
    private boolean isCipherConfigured = false;
    protected int inputBBSize = 20480;

    @Override // com.sun.grizzly.ProtocolFilter
    public boolean execute(Context context) throws IOException {
        boolean z = true;
        int i = 0;
        SelectionKey selectionKey = context.getSelectionKey();
        try {
            WorkerThreadImpl workerThreadImpl = (WorkerThreadImpl) Thread.currentThread();
            SSLEngine newSSLEngine = newSSLEngine(selectionKey);
            workerThreadImpl.setSSLEngine(newSSLEngine);
            selectionKey.attach(newSSLEngine);
            context.setProtocol(Controller.Protocol.TLS);
            boolean z2 = true;
            if (newSSLEngine.getSession().getValue(HANDSHAKE) != null) {
                z2 = ((Boolean) newSSLEngine.getSession().getValue(HANDSHAKE)).booleanValue();
            }
            try {
                try {
                    allocateBuffers();
                    if (!doHandshake(selectionKey, SSLUtils.getReadTimeout())) {
                        i = -1;
                    } else if (z2) {
                        newSSLEngine.getSession().putValue(HANDSHAKE, Boolean.FALSE);
                    } else {
                        i = doRead(selectionKey);
                    }
                    if (0 != 0 || i == -1) {
                        context.setAttribute(Context.THROWABLE, null);
                        context.setKeyRegistrationState(Context.KeyRegistrationState.CANCEL);
                        z = false;
                    }
                } catch (IOException e) {
                    log("SSLReadFilter.execute", e);
                    if (e != null || 0 == -1) {
                        context.setAttribute(Context.THROWABLE, e);
                        context.setKeyRegistrationState(Context.KeyRegistrationState.CANCEL);
                        z = false;
                    }
                } catch (Throwable th) {
                    log("SSLReadFilter.execute", th);
                    if (th != null || 0 == -1) {
                        context.setAttribute(Context.THROWABLE, th);
                        context.setKeyRegistrationState(Context.KeyRegistrationState.CANCEL);
                        z = false;
                    }
                }
                return z;
            } catch (Throwable th2) {
                if (0 != 0 || 0 == -1) {
                    context.setAttribute(Context.THROWABLE, null);
                    context.setKeyRegistrationState(Context.KeyRegistrationState.CANCEL);
                }
                throw th2;
            }
        } catch (ClassCastException e2) {
            throw new IllegalStateException(e2.getMessage());
        }
    }

    @Override // com.sun.grizzly.ProtocolFilter
    public boolean postExecute(Context context) throws IOException {
        context.setProtocol(Controller.Protocol.TCP);
        if (context.getKeyRegistrationState() == Context.KeyRegistrationState.CANCEL) {
            context.getController().cancelKey(context.getSelectionKey());
            return true;
        }
        if (context.getKeyRegistrationState() != Context.KeyRegistrationState.REGISTER) {
            return true;
        }
        ((SSLEngine) context.getSelectionKey().attachment()).getSession().putValue(EXPIRE_TIME, Long.valueOf(System.currentTimeMillis()));
        context.getController().registerKey(context.getSelectionKey(), 1, context.getProtocol());
        return true;
    }

    protected void allocateBuffers() {
        WorkerThreadImpl workerThreadImpl = (WorkerThreadImpl) Thread.currentThread();
        ByteBuffer byteBuffer = workerThreadImpl.getByteBuffer();
        ByteBuffer outputBB = workerThreadImpl.getOutputBB();
        ByteBuffer inputBB = workerThreadImpl.getInputBB();
        int packetBufferSize = workerThreadImpl.getSSLEngine().getSession().getPacketBufferSize();
        if (this.inputBBSize < packetBufferSize) {
            this.inputBBSize = packetBufferSize;
        }
        if (inputBB != null && inputBB.capacity() < this.inputBBSize) {
            ByteBuffer allocate = ByteBuffer.allocate(this.inputBBSize);
            inputBB.flip();
            allocate.put(inputBB);
            inputBB = allocate;
        } else if (inputBB == null) {
            inputBB = ByteBuffer.allocate(this.inputBBSize);
        }
        if (outputBB == null) {
            outputBB = ByteBuffer.allocate(this.inputBBSize);
        }
        if (byteBuffer == null) {
            byteBuffer = ByteBuffer.allocate(this.inputBBSize * 2);
        }
        int applicationBufferSize = workerThreadImpl.getSSLEngine().getSession().getApplicationBufferSize();
        if (applicationBufferSize > byteBuffer.capacity()) {
            ByteBuffer allocate2 = ByteBuffer.allocate(applicationBufferSize);
            byteBuffer.flip();
            allocate2.put(byteBuffer);
            byteBuffer = allocate2;
        }
        workerThreadImpl.setInputBB(inputBB);
        workerThreadImpl.setOutputBB(outputBB);
        workerThreadImpl.setByteBuffer(byteBuffer);
        outputBB.position(0);
        outputBB.limit(0);
    }

    protected boolean doHandshake(SelectionKey selectionKey, int i) throws IOException {
        WorkerThreadImpl workerThreadImpl = (WorkerThreadImpl) Thread.currentThread();
        boolean z = true;
        try {
            SSLUtils.doHandshake(selectionKey, workerThreadImpl.getByteBuffer(), workerThreadImpl.getInputBB(), workerThreadImpl.getOutputBB(), workerThreadImpl.getSSLEngine(), SSLEngineResult.HandshakeStatus.NEED_UNWRAP, i);
        } catch (EOFException e) {
            Logger logger = Controller.logger();
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "doHandshake", (Throwable) e);
            }
            z = false;
        }
        if (doRead(selectionKey) == -1) {
            throw new EOFException();
        }
        return z;
    }

    private int doRead(SelectionKey selectionKey) {
        WorkerThreadImpl workerThreadImpl = (WorkerThreadImpl) Thread.currentThread();
        ByteBuffer byteBuffer = workerThreadImpl.getByteBuffer();
        ByteBuffer outputBB = workerThreadImpl.getOutputBB();
        ByteBuffer inputBB = workerThreadImpl.getInputBB();
        SSLEngine sSLEngine = workerThreadImpl.getSSLEngine();
        int i = -1;
        try {
            i = ((SocketChannel) selectionKey.channel()).read(inputBB);
            if (i != -1) {
                ByteBuffer unwrapAll = SSLUtils.unwrapAll(byteBuffer, inputBB, sSLEngine);
                workerThreadImpl.setInputBB(inputBB);
                workerThreadImpl.setOutputBB(outputBB);
                workerThreadImpl.setByteBuffer(unwrapAll);
            }
            if (i == -1) {
                try {
                    sSLEngine.closeInbound();
                } catch (SSLException e) {
                }
            }
            return i;
        } catch (IOException e2) {
            if (i == -1) {
                try {
                    sSLEngine.closeInbound();
                } catch (SSLException e3) {
                }
            }
            return -1;
        } catch (Throwable th) {
            if (i == -1) {
                try {
                    sSLEngine.closeInbound();
                } catch (SSLException e4) {
                }
            }
            throw th;
        }
    }

    protected Object[] doPeerCertificateChain(SelectionKey selectionKey, boolean z) throws IOException {
        Logger logger = Controller.logger();
        WorkerThreadImpl workerThreadImpl = (WorkerThreadImpl) Thread.currentThread();
        ByteBuffer byteBuffer = workerThreadImpl.getByteBuffer();
        ByteBuffer outputBB = workerThreadImpl.getOutputBB();
        SSLEngine sSLEngine = workerThreadImpl.getSSLEngine();
        Certificate[] certificateArr = null;
        try {
            certificateArr = sSLEngine.getSession().getPeerCertificates();
        } catch (Throwable th) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Error getting client certs", th);
            }
        }
        if (certificateArr == null && z) {
            sSLEngine.getSession().invalidate();
            sSLEngine.setNeedClientAuth(true);
            sSLEngine.beginHandshake();
            (byteBuffer.position() != byteBuffer.limit() ? ByteBuffer.allocate(byteBuffer.capacity()) : byteBuffer).clear();
            outputBB.position(0);
            outputBB.limit(0);
            try {
                try {
                    doHandshake(selectionKey, 0);
                    workerThreadImpl.setByteBuffer(byteBuffer);
                    byteBuffer.clear();
                    try {
                        certificateArr = sSLEngine.getSession().getPeerCertificates();
                    } catch (Throwable th2) {
                        if (logger.isLoggable(Level.FINE)) {
                            logger.log(Level.FINE, "Error getting client certs", th2);
                        }
                    }
                } catch (Throwable th3) {
                    workerThreadImpl.setByteBuffer(byteBuffer);
                    byteBuffer.clear();
                    throw th3;
                }
            } catch (Throwable th4) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "Error during handshake", th4);
                }
                workerThreadImpl.setByteBuffer(byteBuffer);
                byteBuffer.clear();
                return null;
            }
        }
        if (certificateArr == null) {
            return null;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            if (certificateArr[i] instanceof X509Certificate) {
                x509CertificateArr[i] = (X509Certificate) certificateArr[i];
            } else {
                try {
                    x509CertificateArr[i] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificateArr[i].getEncoded()));
                } catch (Exception e) {
                    logger.log(Level.INFO, "Error translating cert " + certificateArr[i], (Throwable) e);
                    return null;
                }
            }
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Cert #" + i + " = " + x509CertificateArr[i]);
            }
        }
        if (x509CertificateArr.length < 1) {
            return null;
        }
        return x509CertificateArr;
    }

    protected SSLEngine newSSLEngine() {
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine();
        if (this.enabledCipherSuites != null) {
            if (!this.isCipherConfigured) {
                this.enabledCipherSuites = configureEnabledCiphers(createSSLEngine, this.enabledCipherSuites);
                this.isCipherConfigured = true;
            }
            createSSLEngine.setEnabledCipherSuites(this.enabledCipherSuites);
        }
        if (this.enabledProtocols != null) {
            if (!this.isProtocolConfigured) {
                this.enabledProtocols = configureEnabledProtocols(createSSLEngine, this.enabledProtocols);
                this.isProtocolConfigured = true;
            }
            createSSLEngine.setEnabledProtocols(this.enabledProtocols);
        }
        createSSLEngine.setUseClientMode(this.clientMode);
        return createSSLEngine;
    }

    protected SSLEngine newSSLEngine(SelectionKey selectionKey) {
        SSLEngine newSSLEngine = selectionKey.attachment() == null ? newSSLEngine() : selectionKey.attachment() instanceof SSLEngine ? (SSLEngine) selectionKey.attachment() : newSSLEngine();
        newSSLEngine.setWantClientAuth(this.wantClientAuth);
        newSSLEngine.getSession().removeValue(EXPIRE_TIME);
        newSSLEngine.setNeedClientAuth(this.needClientAuth);
        return newSSLEngine;
    }

    public void setSSLContext(SSLContext sSLContext) {
        this.sslContext = sSLContext;
    }

    public SSLContext getSSLContext() {
        return this.sslContext;
    }

    public String[] getEnabledCipherSuites() {
        return this.enabledCipherSuites;
    }

    public void setEnabledCipherSuites(String[] strArr) {
        this.enabledCipherSuites = strArr;
    }

    public String[] getEnabledProtocols() {
        return this.enabledProtocols;
    }

    public void setEnabledProtocols(String[] strArr) {
        this.enabledProtocols = strArr;
    }

    public boolean isClientMode() {
        return this.clientMode;
    }

    public void setClientMode(boolean z) {
        this.clientMode = z;
    }

    public boolean isNeedClientAuth() {
        return this.needClientAuth;
    }

    public void setNeedClientAuth(boolean z) {
        this.needClientAuth = z;
    }

    public boolean isWantClientAuth() {
        return this.wantClientAuth;
    }

    public void setWantClientAuth(boolean z) {
        this.wantClientAuth = z;
    }

    private static final String[] configureEnabledProtocols(SSLEngine sSLEngine, String[] strArr) {
        ArrayList arrayList = null;
        for (String str : sSLEngine.getSupportedProtocols()) {
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i < length) {
                    String trim = strArr[i].trim();
                    if (str.equals(trim)) {
                        if (arrayList == null) {
                            arrayList = new ArrayList();
                        }
                        arrayList.add(trim);
                    } else {
                        i++;
                    }
                }
            }
        }
        return arrayList != null ? (String[]) arrayList.toArray(new String[arrayList.size()]) : null;
    }

    private static final String[] configureEnabledCiphers(SSLEngine sSLEngine, String[] strArr) {
        ArrayList arrayList = null;
        for (String str : sSLEngine.getSupportedCipherSuites()) {
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i < length) {
                    String trim = strArr[i].trim();
                    if (str.equals(trim)) {
                        if (arrayList == null) {
                            arrayList = new ArrayList();
                        }
                        arrayList.add(trim);
                    } else {
                        i++;
                    }
                }
            }
        }
        return arrayList != null ? (String[]) arrayList.toArray(new String[arrayList.size()]) : null;
    }

    protected void log(String str, Throwable th) {
        if (Controller.logger().isLoggable(Level.FINE)) {
            Controller.logger().log(Level.FINE, "ReadFilter,execute()", th);
        }
    }
}
