package sun.security.ssl;

import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Queue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.crypto.SecretKey;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLPermission;
import javax.net.ssl.SSLSessionBindingEvent;
import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSessionContext;
import javax.security.cert.CertificateException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/java.base-2018-11-25.jar:META-INF/modules/java.base/classes/sun/security/ssl/SSLSessionImpl.class */
public final class SSLSessionImpl extends ExtendedSSLSession {
    private final ProtocolVersion protocolVersion;
    private final SessionId sessionId;
    private X509Certificate[] peerCerts;
    private CipherSuite cipherSuite;
    private SecretKey masterSecret;
    final boolean useExtendedMasterSecret;
    private final long creationTime;
    private long lastUsedTime;
    private final String host;
    private final int port;
    private SSLSessionContextImpl context;
    private boolean invalidated;
    private X509Certificate[] localCerts;
    private PrivateKey localPrivateKey;
    private final Collection<SignatureScheme> localSupportedSignAlgs;
    private String[] peerSupportedSignAlgs;
    private boolean useDefaultPeerSignAlgs;
    private List<byte[]> statusResponses;
    private SecretKey resumptionMasterSecret;
    private SecretKey preSharedKey;
    private byte[] pskIdentity;
    private final long ticketCreationTime;
    private int ticketAgeAdd;
    private int negotiatedMaxFragLen;
    private int maximumPacketSize;
    private final Queue<SSLSessionImpl> childSessions;
    private boolean isSessionResumption;
    final SNIServerName serverNameIndication;
    private final List<SNIServerName> requestedServerNames;
    private BigInteger ticketNonceCounter;
    private final ConcurrentHashMap<SecureKey, Object> boundValues;
    private boolean acceptLargeFragments;
    static final SSLSessionImpl nullSession = new SSLSessionImpl();
    private static boolean defaultRejoinable = true;

    private SSLSessionImpl() {
        this.lastUsedTime = 0L;
        this.useDefaultPeerSignAlgs = false;
        this.ticketCreationTime = System.currentTimeMillis();
        this.negotiatedMaxFragLen = -1;
        this.childSessions = new ConcurrentLinkedQueue();
        this.isSessionResumption = false;
        this.ticketNonceCounter = BigInteger.ONE;
        this.boundValues = new ConcurrentHashMap<>();
        this.acceptLargeFragments = Utilities.getBooleanProperty("jsse.SSLEngine.acceptLargeFragments", false);
        this.protocolVersion = ProtocolVersion.NONE;
        this.cipherSuite = CipherSuite.C_NULL;
        this.sessionId = new SessionId(false, null);
        this.host = null;
        this.port = -1;
        this.localSupportedSignAlgs = Collections.emptySet();
        this.serverNameIndication = null;
        this.requestedServerNames = Collections.emptyList();
        this.useExtendedMasterSecret = false;
        this.creationTime = System.currentTimeMillis();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSessionImpl(HandshakeContext handshakeContext, CipherSuite cipherSuite) {
        this(handshakeContext, cipherSuite, new SessionId(defaultRejoinable, handshakeContext.sslContext.getSecureRandom()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSessionImpl(HandshakeContext handshakeContext, CipherSuite cipherSuite, SessionId sessionId) {
        this(handshakeContext, cipherSuite, sessionId, System.currentTimeMillis());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSessionImpl(HandshakeContext handshakeContext, CipherSuite cipherSuite, SessionId sessionId, long j) {
        this.lastUsedTime = 0L;
        this.useDefaultPeerSignAlgs = false;
        this.ticketCreationTime = System.currentTimeMillis();
        this.negotiatedMaxFragLen = -1;
        this.childSessions = new ConcurrentLinkedQueue();
        this.isSessionResumption = false;
        this.ticketNonceCounter = BigInteger.ONE;
        this.boundValues = new ConcurrentHashMap<>();
        this.acceptLargeFragments = Utilities.getBooleanProperty("jsse.SSLEngine.acceptLargeFragments", false);
        this.protocolVersion = handshakeContext.negotiatedProtocol;
        this.cipherSuite = cipherSuite;
        this.sessionId = sessionId;
        this.host = handshakeContext.conContext.transport.getPeerHost();
        this.port = handshakeContext.conContext.transport.getPeerPort();
        this.localSupportedSignAlgs = handshakeContext.localSupportedSignAlgs == null ? Collections.emptySet() : Collections.unmodifiableCollection(handshakeContext.localSupportedSignAlgs);
        this.serverNameIndication = handshakeContext.negotiatedServerName;
        this.requestedServerNames = Collections.unmodifiableList(handshakeContext.getRequestedServerNames());
        if (handshakeContext.sslConfig.isClientMode) {
            this.useExtendedMasterSecret = (handshakeContext.handshakeExtensions.get(SSLExtension.CH_EXTENDED_MASTER_SECRET) == null || handshakeContext.handshakeExtensions.get(SSLExtension.SH_EXTENDED_MASTER_SECRET) == null) ? false : true;
        } else {
            this.useExtendedMasterSecret = (handshakeContext.handshakeExtensions.get(SSLExtension.CH_EXTENDED_MASTER_SECRET) == null || handshakeContext.negotiatedProtocol.useTLS13PlusSpec()) ? false : true;
        }
        this.creationTime = j;
        if (SSLLogger.isOn && SSLLogger.isOn("session")) {
            SSLLogger.finest("Session initialized:  " + ((Object) this), new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setMasterSecret(SecretKey secretKey) {
        this.masterSecret = secretKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setResumptionMasterSecret(SecretKey secretKey) {
        this.resumptionMasterSecret = secretKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPreSharedKey(SecretKey secretKey) {
        this.preSharedKey = secretKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addChild(SSLSessionImpl sSLSessionImpl) {
        this.childSessions.add(sSLSessionImpl);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setTicketAgeAdd(int i) {
        this.ticketAgeAdd = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPskIdentity(byte[] bArr) {
        this.pskIdentity = bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BigInteger incrTicketNonceCounter() {
        BigInteger bigInteger = this.ticketNonceCounter;
        this.ticketNonceCounter = this.ticketNonceCounter.add(BigInteger.valueOf(1L));
        return bigInteger;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecretKey getMasterSecret() {
        return this.masterSecret;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<SecretKey> getResumptionMasterSecret() {
        return Optional.ofNullable(this.resumptionMasterSecret);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized Optional<SecretKey> getPreSharedKey() {
        return Optional.ofNullable(this.preSharedKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized Optional<SecretKey> consumePreSharedKey() {
        Optional<SecretKey> ofNullable = Optional.ofNullable(this.preSharedKey);
        this.preSharedKey = null;
        return ofNullable;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getTicketAgeAdd() {
        return this.ticketAgeAdd;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized Optional<byte[]> getPskIdentity() {
        return Optional.ofNullable(this.pskIdentity);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized Optional<byte[]> consumePskIdentity() {
        Optional<byte[]> ofNullable = Optional.ofNullable(this.pskIdentity);
        this.pskIdentity = null;
        return ofNullable;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPeerCertificates(X509Certificate[] x509CertificateArr) {
        if (this.peerCerts == null) {
            this.peerCerts = x509CertificateArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setLocalCertificates(X509Certificate[] x509CertificateArr) {
        this.localCerts = x509CertificateArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setLocalPrivateKey(PrivateKey privateKey) {
        this.localPrivateKey = privateKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPeerSupportedSignatureAlgorithms(Collection<SignatureScheme> collection) {
        this.peerSupportedSignAlgs = SignatureScheme.getAlgorithmNames(collection);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setUseDefaultPeerSignAlgs() {
        this.useDefaultPeerSignAlgs = true;
        this.peerSupportedSignAlgs = new String[]{"SHA1withRSA", "SHA1withDSA", "SHA1withECDSA"};
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSessionImpl finish() {
        if (this.useDefaultPeerSignAlgs) {
            this.peerSupportedSignAlgs = new String[0];
        }
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setStatusResponses(List<byte[]> list) {
        if (list == null || list.isEmpty()) {
            this.statusResponses = Collections.emptyList();
        } else {
            this.statusResponses = list;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isRejoinable() {
        return (this.sessionId == null || this.sessionId.length() == 0 || this.invalidated || !isLocalAuthenticationValid()) ? false : true;
    }

    @Override // javax.net.ssl.SSLSession
    public synchronized boolean isValid() {
        return isRejoinable();
    }

    private boolean isLocalAuthenticationValid() {
        if (this.localPrivateKey == null) {
            return true;
        }
        try {
            this.localPrivateKey.getAlgorithm();
            return true;
        } catch (Exception e) {
            invalidate();
            return false;
        }
    }

    @Override // javax.net.ssl.SSLSession
    public byte[] getId() {
        return this.sessionId.getId();
    }

    @Override // javax.net.ssl.SSLSession
    public SSLSessionContext getSessionContext() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new SSLPermission("getSSLSessionContext"));
        }
        return this.context;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SessionId getSessionId() {
        return this.sessionId;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherSuite getSuite() {
        return this.cipherSuite;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSuite(CipherSuite cipherSuite) {
        this.cipherSuite = cipherSuite;
        if (SSLLogger.isOn && SSLLogger.isOn("session")) {
            SSLLogger.finest("Negotiating session:  " + ((Object) this), new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isSessionResumption() {
        return this.isSessionResumption;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAsSessionResumption(boolean z) {
        this.isSessionResumption = z;
    }

    @Override // javax.net.ssl.SSLSession
    public String getCipherSuite() {
        return getSuite().name;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtocolVersion getProtocolVersion() {
        return this.protocolVersion;
    }

    @Override // javax.net.ssl.SSLSession
    public String getProtocol() {
        return getProtocolVersion().name;
    }

    public int hashCode() {
        return this.sessionId.hashCode();
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (obj instanceof SSLSessionImpl) {
            return this.sessionId != null && this.sessionId.equals(((SSLSessionImpl) obj).getSessionId());
        }
        return false;
    }

    @Override // javax.net.ssl.SSLSession
    public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
        if (this.peerCerts == null) {
            throw new SSLPeerUnverifiedException("peer not authenticated");
        }
        return (Certificate[]) this.peerCerts.clone();
    }

    @Override // javax.net.ssl.SSLSession
    public Certificate[] getLocalCertificates() {
        if (this.localCerts == null) {
            return null;
        }
        return (Certificate[]) this.localCerts.clone();
    }

    @Override // javax.net.ssl.SSLSession
    @Deprecated
    public javax.security.cert.X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
        if (this.peerCerts == null) {
            throw new SSLPeerUnverifiedException("peer not authenticated");
        }
        javax.security.cert.X509Certificate[] x509CertificateArr = new javax.security.cert.X509Certificate[this.peerCerts.length];
        for (int i = 0; i < this.peerCerts.length; i++) {
            try {
                x509CertificateArr[i] = javax.security.cert.X509Certificate.getInstance(this.peerCerts[i].getEncoded());
            } catch (CertificateEncodingException e) {
                throw new SSLPeerUnverifiedException(e.getMessage());
            } catch (CertificateException e2) {
                throw new SSLPeerUnverifiedException(e2.getMessage());
            }
        }
        return x509CertificateArr;
    }

    public X509Certificate[] getCertificateChain() throws SSLPeerUnverifiedException {
        if (this.peerCerts != null) {
            return (X509Certificate[]) this.peerCerts.clone();
        }
        throw new SSLPeerUnverifiedException("peer not authenticated");
    }

    @Override // javax.net.ssl.ExtendedSSLSession
    public List<byte[]> getStatusResponses() {
        if (this.statusResponses == null || this.statusResponses.isEmpty()) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(this.statusResponses.size());
        Iterator<byte[]> it = this.statusResponses.iterator();
        while (it.hasNext()) {
            arrayList.add((byte[]) it.next().clone());
        }
        return Collections.unmodifiableList(arrayList);
    }

    @Override // javax.net.ssl.SSLSession
    public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
        if (this.peerCerts == null) {
            throw new SSLPeerUnverifiedException("peer not authenticated");
        }
        return this.peerCerts[0].getSubjectX500Principal();
    }

    @Override // javax.net.ssl.SSLSession
    public Principal getLocalPrincipal() {
        if (this.localCerts == null || this.localCerts.length == 0) {
            return null;
        }
        return this.localCerts[0].getSubjectX500Principal();
    }

    public long getTicketCreationTime() {
        return this.ticketCreationTime;
    }

    @Override // javax.net.ssl.SSLSession
    public long getCreationTime() {
        return this.creationTime;
    }

    @Override // javax.net.ssl.SSLSession
    public long getLastAccessedTime() {
        return this.lastUsedTime != 0 ? this.lastUsedTime : this.creationTime;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setLastAccessedTime(long j) {
        this.lastUsedTime = j;
    }

    public InetAddress getPeerAddress() {
        try {
            return InetAddress.getByName(this.host);
        } catch (UnknownHostException e) {
            return null;
        }
    }

    @Override // javax.net.ssl.SSLSession
    public String getPeerHost() {
        return this.host;
    }

    @Override // javax.net.ssl.SSLSession
    public int getPeerPort() {
        return this.port;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setContext(SSLSessionContextImpl sSLSessionContextImpl) {
        if (this.context == null) {
            this.context = sSLSessionContextImpl;
        }
    }

    @Override // javax.net.ssl.SSLSession
    public synchronized void invalidate() {
        if (this == nullSession) {
            return;
        }
        if (this.context != null) {
            this.context.remove(this.sessionId);
            this.context = null;
        }
        if (this.invalidated) {
            return;
        }
        this.invalidated = true;
        if (SSLLogger.isOn && SSLLogger.isOn("session")) {
            SSLLogger.finest("Invalidated session:  " + ((Object) this), new Object[0]);
        }
        Iterator<SSLSessionImpl> it = this.childSessions.iterator();
        while (it.hasNext()) {
            it.next().invalidate();
        }
    }

    @Override // javax.net.ssl.SSLSession
    public void putValue(String str, Object obj) {
        if (str == null || obj == null) {
            throw new IllegalArgumentException("arguments can not be null");
        }
        Object put = this.boundValues.put(new SecureKey(str), obj);
        if (put instanceof SSLSessionBindingListener) {
            ((SSLSessionBindingListener) put).valueUnbound(new SSLSessionBindingEvent(this, str));
        }
        if (obj instanceof SSLSessionBindingListener) {
            ((SSLSessionBindingListener) obj).valueBound(new SSLSessionBindingEvent(this, str));
        }
    }

    @Override // javax.net.ssl.SSLSession
    public Object getValue(String str) {
        if (str == null) {
            throw new IllegalArgumentException("argument can not be null");
        }
        return this.boundValues.get(new SecureKey(str));
    }

    @Override // javax.net.ssl.SSLSession
    public void removeValue(String str) {
        if (str == null) {
            throw new IllegalArgumentException("argument can not be null");
        }
        Object remove = this.boundValues.remove(new SecureKey(str));
        if (remove instanceof SSLSessionBindingListener) {
            ((SSLSessionBindingListener) remove).valueUnbound(new SSLSessionBindingEvent(this, str));
        }
    }

    @Override // javax.net.ssl.SSLSession
    public String[] getValueNames() {
        ArrayList arrayList = new ArrayList();
        Object currentSecurityContext = SecureKey.getCurrentSecurityContext();
        Enumeration<SecureKey> keys = this.boundValues.keys();
        while (keys.hasMoreElements()) {
            SecureKey nextElement = keys.nextElement();
            if (currentSecurityContext.equals(nextElement.getSecurityContext())) {
                arrayList.add(nextElement.getAppKey());
            }
        }
        return (String[]) arrayList.toArray(new String[0]);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized void expandBufferSizes() {
        this.acceptLargeFragments = true;
    }

    @Override // javax.net.ssl.SSLSession
    public synchronized int getPacketBufferSize() {
        int i = 0;
        if (this.negotiatedMaxFragLen > 0) {
            i = this.cipherSuite.calculatePacketSize(this.negotiatedMaxFragLen, this.protocolVersion, this.protocolVersion.isDTLS);
        }
        return this.maximumPacketSize > 0 ? this.maximumPacketSize > i ? this.maximumPacketSize : i : i != 0 ? i : this.protocolVersion.isDTLS ? DTLSRecord.maxRecordSize : this.acceptLargeFragments ? SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize;
    }

    @Override // javax.net.ssl.SSLSession
    public synchronized int getApplicationBufferSize() {
        int i = 0;
        if (this.maximumPacketSize > 0) {
            i = this.cipherSuite.calculateFragSize(this.maximumPacketSize, this.protocolVersion, this.protocolVersion.isDTLS);
        }
        if (this.negotiatedMaxFragLen > 0) {
            return this.negotiatedMaxFragLen > i ? this.negotiatedMaxFragLen : i;
        }
        if (i != 0) {
            return i;
        }
        if (this.protocolVersion.isDTLS) {
            return 16384;
        }
        return (this.acceptLargeFragments ? SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize) - 5;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void setNegotiatedMaxFragSize(int i) {
        this.negotiatedMaxFragLen = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized int getNegotiatedMaxFragSize() {
        return this.negotiatedMaxFragLen;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void setMaximumPacketSize(int i) {
        this.maximumPacketSize = i;
    }

    synchronized int getMaximumPacketSize() {
        return this.maximumPacketSize;
    }

    @Override // javax.net.ssl.ExtendedSSLSession
    public String[] getLocalSupportedSignatureAlgorithms() {
        return SignatureScheme.getAlgorithmNames(this.localSupportedSignAlgs);
    }

    public Collection<SignatureScheme> getLocalSupportedSignatureSchemes() {
        return this.localSupportedSignAlgs;
    }

    @Override // javax.net.ssl.ExtendedSSLSession
    public String[] getPeerSupportedSignatureAlgorithms() {
        return this.peerSupportedSignAlgs != null ? (String[]) this.peerSupportedSignAlgs.clone() : new String[0];
    }

    @Override // javax.net.ssl.ExtendedSSLSession
    public List<SNIServerName> getRequestedServerNames() {
        return this.requestedServerNames;
    }

    public String toString() {
        return "Session(" + this.creationTime + "|" + getCipherSuite() + ")";
    }
}
