package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.Unpooled;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.AbstractReferenceCounted;
import io.netty.util.ReferenceCounted;
import io.netty.util.ResourceLeak;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.ResourceLeakDetectorFactory;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.InternalThreadLocalMap;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.ThrowableUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.nio.ByteBuffer;
import java.nio.ReadOnlyBufferException;
import java.security.Principal;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionBindingEvent;
import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSessionContext;
import javax.security.cert.X509Certificate;
import org.apache.kafka.common.config.SslConfigs;
import org.apache.tomcat.jni.Buffer;
import org.apache.tomcat.jni.SSL;

/* loaded from: input_file:BOOT-INF/lib/netty-handler-4.1.5.Final.jar:io/netty/handler/ssl/ReferenceCountedOpenSslEngine.class */
public class ReferenceCountedOpenSslEngine extends SSLEngine implements ReferenceCounted {
    private static final InternalLogger logger;
    private static final Certificate[] EMPTY_CERTIFICATES;
    private static final X509Certificate[] EMPTY_X509_CERTIFICATES;
    private static final SSLException BEGIN_HANDSHAKE_ENGINE_CLOSED;
    private static final SSLException HANDSHAKE_ENGINE_CLOSED;
    private static final SSLException RENEGOTIATION_UNSUPPORTED;
    private static final SSLException ENCRYPTED_PACKET_OVERSIZED;
    private static final Class<?> SNI_HOSTNAME_CLASS;
    private static final Method GET_SERVER_NAMES_METHOD;
    private static final Method SET_SERVER_NAMES_METHOD;
    private static final Method GET_ASCII_NAME_METHOD;
    private static final Method GET_USE_CIPHER_SUITES_ORDER_METHOD;
    private static final Method SET_USE_CIPHER_SUITES_ORDER_METHOD;
    private static final ResourceLeakDetector<ReferenceCountedOpenSslEngine> leakDetector;
    private static final int MAX_PLAINTEXT_LENGTH = 16384;
    private static final int MAX_COMPRESSED_LENGTH = 17408;
    private static final int MAX_CIPHERTEXT_LENGTH = 18432;
    static final int MAX_ENCRYPTED_PACKET_LENGTH = 18713;
    static final int MAX_ENCRYPTION_OVERHEAD_LENGTH = 2329;
    private static final AtomicIntegerFieldUpdater<ReferenceCountedOpenSslEngine> DESTROYED_UPDATER;
    private static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
    private static final long EMPTY_ADDR;
    private static final SSLEngineResult NEED_UNWRAP_OK;
    private static final SSLEngineResult NEED_UNWRAP_CLOSED;
    private static final SSLEngineResult NEED_WRAP_OK;
    private static final SSLEngineResult NEED_WRAP_CLOSED;
    private static final SSLEngineResult CLOSED_NOT_HANDSHAKING;
    private long ssl;
    private long networkBIO;
    private boolean certificateSet;
    private HandshakeState handshakeState;
    private boolean receivedShutdown;
    private volatile int destroyed;
    private final ResourceLeak leak;
    private final AbstractReferenceCounted refCnt;
    private volatile ClientAuth clientAuth;
    private volatile long lastAccessed;
    private String endPointIdentificationAlgorithm;
    private Object algorithmConstraints;
    private List<?> sniHostNames;
    private boolean isInboundDone;
    private boolean isOutboundDone;
    private boolean engineClosed;
    private final boolean clientMode;
    private final ByteBufAllocator alloc;
    private final OpenSslEngineMap engineMap;
    private final OpenSslApplicationProtocolNegotiator apn;
    private final boolean rejectRemoteInitiatedRenegation;
    private final OpenSslSession session;
    private final Certificate[] localCerts;
    private final ByteBuffer[] singleSrcBuffer;
    private final ByteBuffer[] singleDstBuffer;
    private final OpenSslKeyMaterialManager keyMaterialManager;
    SSLHandshakeException handshakeException;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/netty-handler-4.1.5.Final.jar:io/netty/handler/ssl/ReferenceCountedOpenSslEngine$HandshakeState.class */
    public enum HandshakeState {
        NOT_STARTED,
        STARTED_IMPLICITLY,
        STARTED_EXPLICITLY,
        FINISHED
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/netty-handler-4.1.5.Final.jar:io/netty/handler/ssl/ReferenceCountedOpenSslEngine$OpenSslSession.class */
    public final class OpenSslSession implements SSLSession, ApplicationProtocolAccessor {
        private final OpenSslSessionContext sessionContext;
        private X509Certificate[] x509PeerCerts;
        private String protocol;
        private String applicationProtocol;
        private Certificate[] peerCerts;
        private String cipher;
        private byte[] id;
        private long creationTime;
        private Map<String, Object> values;
        static final /* synthetic */ boolean $assertionsDisabled;

        OpenSslSession(OpenSslSessionContext openSslSessionContext) {
            this.sessionContext = openSslSessionContext;
        }

        @Override // javax.net.ssl.SSLSession
        public byte[] getId() {
            synchronized (ReferenceCountedOpenSslEngine.this) {
                if (this.id == null) {
                    return EmptyArrays.EMPTY_BYTES;
                }
                return (byte[]) this.id.clone();
            }
        }

        @Override // javax.net.ssl.SSLSession
        public SSLSessionContext getSessionContext() {
            return this.sessionContext;
        }

        @Override // javax.net.ssl.SSLSession
        public long getCreationTime() {
            synchronized (ReferenceCountedOpenSslEngine.this) {
                if (this.creationTime == 0 && !ReferenceCountedOpenSslEngine.this.isDestroyed()) {
                    this.creationTime = SSL.getTime(ReferenceCountedOpenSslEngine.this.ssl) * 1000;
                }
            }
            return this.creationTime;
        }

        @Override // javax.net.ssl.SSLSession
        public long getLastAccessedTime() {
            long j = ReferenceCountedOpenSslEngine.this.lastAccessed;
            return j == -1 ? getCreationTime() : j;
        }

        @Override // javax.net.ssl.SSLSession
        public void invalidate() {
            synchronized (ReferenceCountedOpenSslEngine.this) {
                if (!ReferenceCountedOpenSslEngine.this.isDestroyed()) {
                    SSL.setTimeout(ReferenceCountedOpenSslEngine.this.ssl, 0L);
                }
            }
        }

        @Override // javax.net.ssl.SSLSession
        public boolean isValid() {
            synchronized (ReferenceCountedOpenSslEngine.this) {
                if (ReferenceCountedOpenSslEngine.this.isDestroyed()) {
                    return false;
                }
                return System.currentTimeMillis() - (SSL.getTimeout(ReferenceCountedOpenSslEngine.this.ssl) * 1000) < SSL.getTime(ReferenceCountedOpenSslEngine.this.ssl) * 1000;
            }
        }

        @Override // javax.net.ssl.SSLSession
        public void putValue(String str, Object obj) {
            if (str == null) {
                throw new NullPointerException("name");
            }
            if (obj == null) {
                throw new NullPointerException("value");
            }
            Map<String, Object> map = this.values;
            if (map == null) {
                HashMap hashMap = new HashMap(2);
                this.values = hashMap;
                map = hashMap;
            }
            Object put = map.put(str, obj);
            if (obj instanceof SSLSessionBindingListener) {
                ((SSLSessionBindingListener) obj).valueBound(new SSLSessionBindingEvent(this, str));
            }
            notifyUnbound(put, str);
        }

        @Override // javax.net.ssl.SSLSession
        public Object getValue(String str) {
            if (str == null) {
                throw new NullPointerException("name");
            }
            if (this.values == null) {
                return null;
            }
            return this.values.get(str);
        }

        @Override // javax.net.ssl.SSLSession
        public void removeValue(String str) {
            if (str == null) {
                throw new NullPointerException("name");
            }
            Map<String, Object> map = this.values;
            if (map == null) {
                return;
            }
            notifyUnbound(map.remove(str), str);
        }

        @Override // javax.net.ssl.SSLSession
        public String[] getValueNames() {
            Map<String, Object> map = this.values;
            return (map == null || map.isEmpty()) ? EmptyArrays.EMPTY_STRINGS : (String[]) map.keySet().toArray(new String[map.size()]);
        }

        private void notifyUnbound(Object obj, String str) {
            if (obj instanceof SSLSessionBindingListener) {
                ((SSLSessionBindingListener) obj).valueUnbound(new SSLSessionBindingEvent(this, str));
            }
        }

        void handshakeFinished() throws SSLException {
            synchronized (ReferenceCountedOpenSslEngine.this) {
                if (ReferenceCountedOpenSslEngine.this.isDestroyed()) {
                    throw new SSLException("Already closed");
                }
                this.id = SSL.getSessionId(ReferenceCountedOpenSslEngine.this.ssl);
                this.cipher = ReferenceCountedOpenSslEngine.this.toJavaCipherSuite(SSL.getCipherForSSL(ReferenceCountedOpenSslEngine.this.ssl));
                this.protocol = SSL.getVersion(ReferenceCountedOpenSslEngine.this.ssl);
                initPeerCerts();
                selectApplicationProtocol();
                ReferenceCountedOpenSslEngine.this.handshakeState = HandshakeState.FINISHED;
            }
        }

        private void initPeerCerts() {
            Certificate[] certificateArr;
            byte[][] peerCertChain = SSL.getPeerCertChain(ReferenceCountedOpenSslEngine.this.ssl);
            byte[] peerCertificate = !ReferenceCountedOpenSslEngine.this.clientMode ? SSL.getPeerCertificate(ReferenceCountedOpenSslEngine.this.ssl) : null;
            if (peerCertChain == null && peerCertificate == null) {
                this.peerCerts = ReferenceCountedOpenSslEngine.EMPTY_CERTIFICATES;
                this.x509PeerCerts = ReferenceCountedOpenSslEngine.EMPTY_X509_CERTIFICATES;
                return;
            }
            int length = peerCertChain != null ? peerCertChain.length : 0;
            int i = 0;
            if (peerCertificate != null) {
                certificateArr = new Certificate[length + 1];
                i = 0 + 1;
                certificateArr[0] = new OpenSslX509Certificate(peerCertificate);
            } else {
                certificateArr = new Certificate[length];
            }
            if (peerCertChain != null) {
                X509Certificate[] x509CertificateArr = new X509Certificate[peerCertChain.length];
                for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
                    byte[] bArr = peerCertChain[i2];
                    x509CertificateArr[i2] = new OpenSslJavaxX509Certificate(bArr);
                    certificateArr[i] = new OpenSslX509Certificate(bArr);
                    i++;
                }
                this.x509PeerCerts = x509CertificateArr;
            } else {
                this.x509PeerCerts = ReferenceCountedOpenSslEngine.EMPTY_X509_CERTIFICATES;
            }
            this.peerCerts = certificateArr;
        }

        private void selectApplicationProtocol() throws SSLException {
            ApplicationProtocolConfig.SelectedListenerFailureBehavior selectedListenerFailureBehavior = ReferenceCountedOpenSslEngine.this.apn.selectedListenerFailureBehavior();
            List<String> protocols = ReferenceCountedOpenSslEngine.this.apn.protocols();
            switch (ReferenceCountedOpenSslEngine.this.apn.protocol()) {
                case NONE:
                    return;
                case ALPN:
                    String alpnSelected = SSL.getAlpnSelected(ReferenceCountedOpenSslEngine.this.ssl);
                    if (alpnSelected != null) {
                        this.applicationProtocol = selectApplicationProtocol(protocols, selectedListenerFailureBehavior, alpnSelected);
                        return;
                    }
                    return;
                case NPN:
                    String nextProtoNegotiated = SSL.getNextProtoNegotiated(ReferenceCountedOpenSslEngine.this.ssl);
                    if (nextProtoNegotiated != null) {
                        this.applicationProtocol = selectApplicationProtocol(protocols, selectedListenerFailureBehavior, nextProtoNegotiated);
                        return;
                    }
                    return;
                case NPN_AND_ALPN:
                    String alpnSelected2 = SSL.getAlpnSelected(ReferenceCountedOpenSslEngine.this.ssl);
                    if (alpnSelected2 == null) {
                        alpnSelected2 = SSL.getNextProtoNegotiated(ReferenceCountedOpenSslEngine.this.ssl);
                    }
                    if (alpnSelected2 != null) {
                        this.applicationProtocol = selectApplicationProtocol(protocols, selectedListenerFailureBehavior, alpnSelected2);
                        return;
                    }
                    return;
                default:
                    throw new Error();
            }
        }

        private String selectApplicationProtocol(List<String> list, ApplicationProtocolConfig.SelectedListenerFailureBehavior selectedListenerFailureBehavior, String str) throws SSLException {
            if (selectedListenerFailureBehavior == ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT) {
                return str;
            }
            int size = list.size();
            if (!$assertionsDisabled && size <= 0) {
                throw new AssertionError();
            }
            if (list.contains(str)) {
                return str;
            }
            if (selectedListenerFailureBehavior == ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL) {
                return list.get(size - 1);
            }
            throw new SSLException("unknown protocol " + str);
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
            Certificate[] certificateArr;
            synchronized (ReferenceCountedOpenSslEngine.this) {
                if (this.peerCerts == null || this.peerCerts.length == 0) {
                    throw new SSLPeerUnverifiedException("peer not verified");
                }
                certificateArr = this.peerCerts;
            }
            return certificateArr;
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getLocalCertificates() {
            if (ReferenceCountedOpenSslEngine.this.localCerts == null) {
                return null;
            }
            return (Certificate[]) ReferenceCountedOpenSslEngine.this.localCerts.clone();
        }

        @Override // javax.net.ssl.SSLSession
        public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
            X509Certificate[] x509CertificateArr;
            synchronized (ReferenceCountedOpenSslEngine.this) {
                if (this.x509PeerCerts == null || this.x509PeerCerts.length == 0) {
                    throw new SSLPeerUnverifiedException("peer not verified");
                }
                x509CertificateArr = this.x509PeerCerts;
            }
            return x509CertificateArr;
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
            return ((java.security.cert.X509Certificate) getPeerCertificates()[0]).getSubjectX500Principal();
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getLocalPrincipal() {
            Certificate[] certificateArr = ReferenceCountedOpenSslEngine.this.localCerts;
            if (certificateArr == null || certificateArr.length == 0) {
                return null;
            }
            return ((java.security.cert.X509Certificate) certificateArr[0]).getIssuerX500Principal();
        }

        @Override // javax.net.ssl.SSLSession
        public String getCipherSuite() {
            synchronized (ReferenceCountedOpenSslEngine.this) {
                if (this.cipher == null) {
                    return ReferenceCountedOpenSslEngine.INVALID_CIPHER;
                }
                return this.cipher;
            }
        }

        @Override // javax.net.ssl.SSLSession
        public String getProtocol() {
            String str = this.protocol;
            if (str == null) {
                synchronized (ReferenceCountedOpenSslEngine.this) {
                    str = !ReferenceCountedOpenSslEngine.this.isDestroyed() ? SSL.getVersion(ReferenceCountedOpenSslEngine.this.ssl) : "";
                }
            }
            return str;
        }

        @Override // io.netty.handler.ssl.ApplicationProtocolAccessor
        public String getApplicationProtocol() {
            String str;
            synchronized (ReferenceCountedOpenSslEngine.this) {
                str = this.applicationProtocol;
            }
            return str;
        }

        @Override // javax.net.ssl.SSLSession
        public String getPeerHost() {
            return ReferenceCountedOpenSslEngine.this.getPeerHost();
        }

        @Override // javax.net.ssl.SSLSession
        public int getPeerPort() {
            return ReferenceCountedOpenSslEngine.this.getPeerPort();
        }

        @Override // javax.net.ssl.SSLSession
        public int getPacketBufferSize() {
            return ReferenceCountedOpenSslEngine.MAX_ENCRYPTED_PACKET_LENGTH;
        }

        @Override // javax.net.ssl.SSLSession
        public int getApplicationBufferSize() {
            return 16384;
        }

        static {
            $assertionsDisabled = !ReferenceCountedOpenSslEngine.class.desiredAssertionStatus();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ReferenceCountedOpenSslEngine(ReferenceCountedOpenSslContext referenceCountedOpenSslContext, ByteBufAllocator byteBufAllocator, String str, int i, boolean z) {
        super(str, i);
        this.handshakeState = HandshakeState.NOT_STARTED;
        this.refCnt = new AbstractReferenceCounted() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslEngine.1
            @Override // io.netty.util.ReferenceCounted
            public ReferenceCounted touch(Object obj) {
                if (ReferenceCountedOpenSslEngine.this.leak != null) {
                    ReferenceCountedOpenSslEngine.this.leak.record(obj);
                }
                return ReferenceCountedOpenSslEngine.this;
            }

            @Override // io.netty.util.AbstractReferenceCounted
            protected void deallocate() {
                ReferenceCountedOpenSslEngine.this.shutdown();
                if (ReferenceCountedOpenSslEngine.this.leak != null) {
                    ReferenceCountedOpenSslEngine.this.leak.close();
                }
            }
        };
        this.clientAuth = ClientAuth.NONE;
        this.lastAccessed = -1L;
        this.singleSrcBuffer = new ByteBuffer[1];
        this.singleDstBuffer = new ByteBuffer[1];
        OpenSsl.ensureAvailability();
        this.leak = z ? leakDetector.open(this) : null;
        this.alloc = (ByteBufAllocator) ObjectUtil.checkNotNull(byteBufAllocator, "alloc");
        this.apn = (OpenSslApplicationProtocolNegotiator) referenceCountedOpenSslContext.applicationProtocolNegotiator();
        this.ssl = SSL.newSSL(referenceCountedOpenSslContext.ctx, !referenceCountedOpenSslContext.isClient());
        this.session = new OpenSslSession(referenceCountedOpenSslContext.sessionContext());
        this.networkBIO = SSL.makeNetworkBIO(this.ssl);
        this.clientMode = referenceCountedOpenSslContext.isClient();
        this.engineMap = referenceCountedOpenSslContext.engineMap;
        this.rejectRemoteInitiatedRenegation = referenceCountedOpenSslContext.rejectRemoteInitiatedRenegotiation;
        this.localCerts = referenceCountedOpenSslContext.keyCertChain;
        setClientAuth(this.clientMode ? ClientAuth.NONE : referenceCountedOpenSslContext.clientAuth);
        if (this.clientMode && str != null) {
            SSL.setTlsExtHostName(this.ssl, str);
        }
        this.keyMaterialManager = referenceCountedOpenSslContext.keyMaterialManager();
    }

    @Override // io.netty.util.ReferenceCounted
    public final int refCnt() {
        return this.refCnt.refCnt();
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted retain() {
        this.refCnt.retain();
        return this;
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted retain(int i) {
        this.refCnt.retain(i);
        return this;
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted touch() {
        this.refCnt.touch();
        return this;
    }

    @Override // io.netty.util.ReferenceCounted
    public final ReferenceCounted touch(Object obj) {
        this.refCnt.touch(obj);
        return this;
    }

    @Override // io.netty.util.ReferenceCounted
    public final boolean release() {
        return this.refCnt.release();
    }

    @Override // io.netty.util.ReferenceCounted
    public final boolean release(int i) {
        return this.refCnt.release(i);
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized SSLSession getHandshakeSession() {
        switch (this.handshakeState) {
            case NOT_STARTED:
            case FINISHED:
                return null;
            default:
                return this.session;
        }
    }

    public final synchronized long sslPointer() {
        return this.ssl;
    }

    public final synchronized void shutdown() {
        if (DESTROYED_UPDATER.compareAndSet(this, 0, 1)) {
            this.engineMap.remove(this.ssl);
            SSL.freeSSL(this.ssl);
            SSL.freeBIO(this.networkBIO);
            this.networkBIO = 0L;
            this.ssl = 0L;
            this.engineClosed = true;
            this.isOutboundDone = true;
            this.isInboundDone = true;
        }
        SSL.clearError();
    }

    private int writePlaintextData(ByteBuffer byteBuffer) {
        int writeToSSL;
        int position = byteBuffer.position();
        int limit = byteBuffer.limit();
        int min = Math.min(limit - position, 16384);
        if (byteBuffer.isDirect()) {
            writeToSSL = SSL.writeToSSL(this.ssl, Buffer.address(byteBuffer) + position, min);
            if (writeToSSL > 0) {
                byteBuffer.position(position + writeToSSL);
            }
        } else {
            ByteBuf directBuffer = this.alloc.directBuffer(min);
            try {
                long memoryAddress = OpenSsl.memoryAddress(directBuffer);
                byteBuffer.limit(position + min);
                directBuffer.setBytes(0, byteBuffer);
                byteBuffer.limit(limit);
                writeToSSL = SSL.writeToSSL(this.ssl, memoryAddress, min);
                if (writeToSSL > 0) {
                    byteBuffer.position(position + writeToSSL);
                } else {
                    byteBuffer.position(position);
                }
            } finally {
                directBuffer.release();
            }
        }
        return writeToSSL;
    }

    private int writeEncryptedData(ByteBuffer byteBuffer) {
        int writeToBIO;
        int position = byteBuffer.position();
        int remaining = byteBuffer.remaining();
        if (byteBuffer.isDirect()) {
            writeToBIO = SSL.writeToBIO(this.networkBIO, Buffer.address(byteBuffer) + position, remaining);
            if (writeToBIO >= 0) {
                byteBuffer.position(position + writeToBIO);
            }
        } else {
            ByteBuf directBuffer = this.alloc.directBuffer(remaining);
            try {
                long memoryAddress = OpenSsl.memoryAddress(directBuffer);
                directBuffer.setBytes(0, byteBuffer);
                writeToBIO = SSL.writeToBIO(this.networkBIO, memoryAddress, remaining);
                if (writeToBIO >= 0) {
                    byteBuffer.position(position + writeToBIO);
                } else {
                    byteBuffer.position(position);
                }
            } finally {
                directBuffer.release();
            }
        }
        return writeToBIO;
    }

    private int readPlaintextData(ByteBuffer byteBuffer) {
        int readFromSSL;
        if (byteBuffer.isDirect()) {
            int position = byteBuffer.position();
            readFromSSL = SSL.readFromSSL(this.ssl, Buffer.address(byteBuffer) + position, byteBuffer.limit() - position);
            if (readFromSSL > 0) {
                byteBuffer.position(position + readFromSSL);
            }
        } else {
            int position2 = byteBuffer.position();
            int limit = byteBuffer.limit();
            int min = Math.min(MAX_ENCRYPTED_PACKET_LENGTH, limit - position2);
            ByteBuf directBuffer = this.alloc.directBuffer(min);
            try {
                readFromSSL = SSL.readFromSSL(this.ssl, OpenSsl.memoryAddress(directBuffer), min);
                if (readFromSSL > 0) {
                    byteBuffer.limit(position2 + readFromSSL);
                    directBuffer.getBytes(0, byteBuffer);
                    byteBuffer.limit(limit);
                }
            } finally {
                directBuffer.release();
            }
        }
        return readFromSSL;
    }

    private int readEncryptedData(ByteBuffer byteBuffer, int i) {
        int readFromBIO;
        if (!byteBuffer.isDirect() || byteBuffer.remaining() < i) {
            ByteBuf directBuffer = this.alloc.directBuffer(i);
            try {
                readFromBIO = SSL.readFromBIO(this.networkBIO, OpenSsl.memoryAddress(directBuffer), i);
                if (readFromBIO > 0) {
                    int limit = byteBuffer.limit();
                    byteBuffer.limit(byteBuffer.position() + readFromBIO);
                    directBuffer.getBytes(0, byteBuffer);
                    byteBuffer.limit(limit);
                    directBuffer.release();
                    return readFromBIO;
                }
                directBuffer.release();
            } catch (Throwable th) {
                directBuffer.release();
                throw th;
            }
        } else {
            int position = byteBuffer.position();
            readFromBIO = SSL.readFromBIO(this.networkBIO, Buffer.address(byteBuffer) + position, i);
            if (readFromBIO > 0) {
                byteBuffer.position(position + readFromBIO);
                return readFromBIO;
            }
        }
        return readFromBIO;
    }

    private SSLEngineResult readPendingBytesFromBIO(ByteBuffer byteBuffer, int i, int i2, SSLEngineResult.HandshakeStatus handshakeStatus) throws SSLException {
        int pendingWrittenBytesInBIO = SSL.pendingWrittenBytesInBIO(this.networkBIO);
        if (pendingWrittenBytesInBIO <= 0) {
            return null;
        }
        if (byteBuffer.remaining() < pendingWrittenBytesInBIO) {
            return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, mayFinishHandshake(handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED ? getHandshakeStatus(pendingWrittenBytesInBIO) : handshakeStatus), i, i2);
        }
        int readEncryptedData = readEncryptedData(byteBuffer, pendingWrittenBytesInBIO);
        if (readEncryptedData <= 0) {
            SSL.clearError();
        } else {
            i2 += readEncryptedData;
            pendingWrittenBytesInBIO -= readEncryptedData;
        }
        if (this.isOutboundDone) {
            shutdown();
        }
        return new SSLEngineResult(getEngineStatus(), mayFinishHandshake(handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED ? getHandshakeStatus(pendingWrittenBytesInBIO) : handshakeStatus), i, i2);
    }

    @Override // javax.net.ssl.SSLEngine
    public final SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) throws SSLException {
        SSLEngineResult readPendingBytesFromBIO;
        if (byteBufferArr == null) {
            throw new IllegalArgumentException("srcs is null");
        }
        if (byteBuffer == null) {
            throw new IllegalArgumentException("dst is null");
        }
        if (i >= byteBufferArr.length || i + i2 > byteBufferArr.length) {
            throw new IndexOutOfBoundsException("offset: " + i + ", length: " + i2 + " (expected: offset <= offset + length <= srcs.length (" + byteBufferArr.length + "))");
        }
        if (byteBuffer.isReadOnly()) {
            throw new ReadOnlyBufferException();
        }
        synchronized (this) {
            if (isDestroyed()) {
                return CLOSED_NOT_HANDSHAKING;
            }
            SSLEngineResult.HandshakeStatus handshakeStatus = SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
            if (this.handshakeState != HandshakeState.FINISHED) {
                if (this.handshakeState != HandshakeState.STARTED_EXPLICITLY) {
                    this.handshakeState = HandshakeState.STARTED_IMPLICITLY;
                }
                handshakeStatus = handshake();
                if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                    return NEED_UNWRAP_OK;
                }
                if (this.engineClosed) {
                    return NEED_UNWRAP_CLOSED;
                }
            }
            int i3 = 0;
            int i4 = 0;
            int i5 = i + i2;
            for (int i6 = i; i6 < i5; i6++) {
                ByteBuffer byteBuffer2 = byteBufferArr[i6];
                if (byteBuffer2 == null) {
                    throw new IllegalArgumentException("srcs[" + i6 + "] is null");
                }
                while (byteBuffer2.hasRemaining()) {
                    int writePlaintextData = writePlaintextData(byteBuffer2);
                    if (writePlaintextData <= 0) {
                        switch (SSL.getError(this.ssl, writePlaintextData)) {
                            case 2:
                                SSLEngineResult readPendingBytesFromBIO2 = readPendingBytesFromBIO(byteBuffer, i4, i3, handshakeStatus);
                                return readPendingBytesFromBIO2 != null ? readPendingBytesFromBIO2 : new SSLEngineResult(getEngineStatus(), SSLEngineResult.HandshakeStatus.NEED_UNWRAP, i4, i3);
                            case 3:
                                SSLEngineResult readPendingBytesFromBIO3 = readPendingBytesFromBIO(byteBuffer, i4, i3, handshakeStatus);
                                return readPendingBytesFromBIO3 != null ? readPendingBytesFromBIO3 : NEED_WRAP_CLOSED;
                            case 4:
                            case 5:
                            default:
                                throw shutdownWithError("SSL_write");
                            case 6:
                                if (!this.receivedShutdown) {
                                    closeAll();
                                }
                                SSLEngineResult readPendingBytesFromBIO4 = readPendingBytesFromBIO(byteBuffer, i4, i3, handshakeStatus);
                                return readPendingBytesFromBIO4 != null ? readPendingBytesFromBIO4 : CLOSED_NOT_HANDSHAKING;
                        }
                    }
                    i4 += writePlaintextData;
                    SSLEngineResult readPendingBytesFromBIO5 = readPendingBytesFromBIO(byteBuffer, i4, i3, handshakeStatus);
                    if (readPendingBytesFromBIO5 != null) {
                        if (readPendingBytesFromBIO5.getStatus() != SSLEngineResult.Status.OK) {
                            return readPendingBytesFromBIO5;
                        }
                        i3 = readPendingBytesFromBIO5.bytesProduced();
                    }
                }
            }
            return (i4 != 0 || (readPendingBytesFromBIO = readPendingBytesFromBIO(byteBuffer, 0, i3, handshakeStatus)) == null) ? newResult(i4, i3, handshakeStatus) : readPendingBytesFromBIO;
        }
    }

    private SSLException shutdownWithError(String str) {
        return shutdownWithError(str, SSL.getLastError());
    }

    private SSLException shutdownWithError(String str, String str2) {
        if (logger.isDebugEnabled()) {
            logger.debug("{} failed: OpenSSL error: {}", str, str2);
        }
        shutdown();
        return this.handshakeState == HandshakeState.FINISHED ? new SSLException(str2) : new SSLHandshakeException(str2);
    }

    /* JADX WARN: Code restructure failed: missing block: B:104:0x026c, code lost:
    
        r0 = newResult(r22, r23, r21);
     */
    /* JADX WARN: Code restructure failed: missing block: B:106:0x0279, code lost:
    
        return r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:109:0x0287, code lost:
    
        switch(org.apache.tomcat.jni.SSL.getError(r7.ssl, r0)) {
            case 2: goto L102;
            case 3: goto L102;
            case 4: goto L105;
            case 5: goto L105;
            case 6: goto L99;
            default: goto L105;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:111:0x02ac, code lost:
    
        if (r7.receivedShutdown != false) goto L102;
     */
    /* JADX WARN: Code restructure failed: missing block: B:112:0x02af, code lost:
    
        closeAll();
     */
    /* JADX WARN: Code restructure failed: missing block: B:113:0x02b3, code lost:
    
        r0 = newResult(r22, r23, r21);
     */
    /* JADX WARN: Code restructure failed: missing block: B:115:0x02c0, code lost:
    
        return r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:116:0x02c1, code lost:
    
        r0 = sslReadErrorResult(org.apache.tomcat.jni.SSL.getLastErrorNumber(), r22, r23);
     */
    /* JADX WARN: Code restructure failed: missing block: B:118:0x02cf, code lost:
    
        return r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:120:0x0240, code lost:
    
        r24 = r24 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:125:0x0304, code lost:
    
        if (pendingAppData() <= 0) goto L126;
     */
    /* JADX WARN: Code restructure failed: missing block: B:126:0x0307, code lost:
    
        r2 = javax.net.ssl.SSLEngineResult.Status.BUFFER_OVERFLOW;
     */
    /* JADX WARN: Code restructure failed: missing block: B:127:0x0314, code lost:
    
        if (r21 == javax.net.ssl.SSLEngineResult.HandshakeStatus.FINISHED) goto L122;
     */
    /* JADX WARN: Code restructure failed: missing block: B:128:0x0317, code lost:
    
        r4 = getHandshakeStatus();
     */
    /* JADX WARN: Code restructure failed: missing block: B:129:0x0320, code lost:
    
        r0 = new javax.net.ssl.SSLEngineResult(r2, mayFinishHandshake(r4), r22, r23);
     */
    /* JADX WARN: Code restructure failed: missing block: B:131:0x032d, code lost:
    
        return r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:132:0x031e, code lost:
    
        r4 = r21;
     */
    /* JADX WARN: Code restructure failed: missing block: B:134:0x0332, code lost:
    
        if (r7.receivedShutdown != false) goto L131;
     */
    /* JADX WARN: Code restructure failed: missing block: B:136:0x033f, code lost:
    
        if ((org.apache.tomcat.jni.SSL.getShutdown(r7.ssl) & 2) != 2) goto L131;
     */
    /* JADX WARN: Code restructure failed: missing block: B:137:0x0342, code lost:
    
        closeAll();
     */
    /* JADX WARN: Code restructure failed: missing block: B:138:0x0346, code lost:
    
        r0 = newResult(r22, r23, r21);
     */
    /* JADX WARN: Code restructure failed: missing block: B:140:0x0353, code lost:
    
        return r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:142:0x02e1, code lost:
    
        if (org.apache.tomcat.jni.SSL.readFromSSL(r7.ssl, io.netty.handler.ssl.ReferenceCountedOpenSslEngine.EMPTY_ADDR, 0) > 0) goto L117;
     */
    /* JADX WARN: Code restructure failed: missing block: B:143:0x02e4, code lost:
    
        r0 = org.apache.tomcat.jni.SSL.getLastErrorNumber();
     */
    /* JADX WARN: Code restructure failed: missing block: B:144:0x02ef, code lost:
    
        if (io.netty.handler.ssl.OpenSsl.isError(r0) == false) goto L117;
     */
    /* JADX WARN: Code restructure failed: missing block: B:145:0x02f2, code lost:
    
        r0 = sslReadErrorResult(r0, r22, 0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:147:0x02ff, code lost:
    
        return r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:71:0x01d5, code lost:
    
        if (r9 < r0) goto L70;
     */
    /* JADX WARN: Code restructure failed: missing block: B:72:0x01d8, code lost:
    
        r0 = r8[r9];
        r0 = r0.remaining();
     */
    /* JADX WARN: Code restructure failed: missing block: B:73:0x01e6, code lost:
    
        if (r0 != 0) goto L73;
     */
    /* JADX WARN: Code restructure failed: missing block: B:74:0x01e9, code lost:
    
        r9 = r9 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:76:0x0219, code lost:
    
        if (r9 < r0) goto L148;
     */
    /* JADX WARN: Code restructure failed: missing block: B:79:0x01ef, code lost:
    
        r0 = writeEncryptedData(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:80:0x01f9, code lost:
    
        if (r0 <= 0) goto L147;
     */
    /* JADX WARN: Code restructure failed: missing block: B:81:0x01fc, code lost:
    
        r22 = r22 + r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:82:0x0207, code lost:
    
        if (r0 != r0) goto L145;
     */
    /* JADX WARN: Code restructure failed: missing block: B:83:0x020a, code lost:
    
        r9 = r9 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:86:0x0210, code lost:
    
        org.apache.tomcat.jni.SSL.clearError();
     */
    /* JADX WARN: Code restructure failed: missing block: B:87:0x021c, code lost:
    
        r23 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:88:0x0223, code lost:
    
        if (r14 <= 0) goto L110;
     */
    /* JADX WARN: Code restructure failed: missing block: B:89:0x0226, code lost:
    
        r24 = r12;
     */
    /* JADX WARN: Code restructure failed: missing block: B:91:0x022e, code lost:
    
        if (r24 >= r0) goto L150;
     */
    /* JADX WARN: Code restructure failed: missing block: B:92:0x0231, code lost:
    
        r0 = r11[r24];
     */
    /* JADX WARN: Code restructure failed: missing block: B:93:0x023d, code lost:
    
        if (r0.hasRemaining() != false) goto L149;
     */
    /* JADX WARN: Code restructure failed: missing block: B:95:0x0246, code lost:
    
        r0 = readPlaintextData(r0);
        rejectRemoteInitiatedRenegation();
     */
    /* JADX WARN: Code restructure failed: missing block: B:96:0x0254, code lost:
    
        if (r0 <= 0) goto L152;
     */
    /* JADX WARN: Code restructure failed: missing block: B:97:0x0257, code lost:
    
        r23 = r23 + r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:98:0x0263, code lost:
    
        if (r0.hasRemaining() != false) goto L151;
     */
    /* JADX WARN: Code restructure failed: missing block: B:99:0x0266, code lost:
    
        r24 = r24 + 1;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer[] r8, int r9, int r10, java.nio.ByteBuffer[] r11, int r12, int r13) throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 860
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(java.nio.ByteBuffer[], int, int, java.nio.ByteBuffer[], int, int):javax.net.ssl.SSLEngineResult");
    }

    private SSLEngineResult sslReadErrorResult(int i, int i2, int i3) throws SSLException {
        String errorString = SSL.getErrorString(i);
        if (SSL.pendingWrittenBytesInBIO(this.networkBIO) <= 0) {
            throw shutdownWithError("SSL_read", errorString);
        }
        if (this.handshakeException == null && this.handshakeState != HandshakeState.FINISHED) {
            this.handshakeException = new SSLHandshakeException(errorString);
        }
        return new SSLEngineResult(SSLEngineResult.Status.OK, SSLEngineResult.HandshakeStatus.NEED_WRAP, i2, i3);
    }

    private int pendingAppData() {
        if (this.handshakeState == HandshakeState.FINISHED) {
            return SSL.pendingReadableBytesInSSL(this.ssl);
        }
        return 0;
    }

    private SSLEngineResult newResult(int i, int i2, SSLEngineResult.HandshakeStatus handshakeStatus) throws SSLException {
        return new SSLEngineResult(getEngineStatus(), mayFinishHandshake(handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED ? getHandshakeStatus() : handshakeStatus), i, i2);
    }

    private void closeAll() throws SSLException {
        this.receivedShutdown = true;
        closeOutbound();
        closeInbound();
    }

    private void rejectRemoteInitiatedRenegation() throws SSLHandshakeException {
        if (!this.rejectRemoteInitiatedRenegation || SSL.getHandshakeCount(this.ssl) <= 1) {
            return;
        }
        shutdown();
        throw new SSLHandshakeException("remote-initiated renegotation not allowed");
    }

    public final SSLEngineResult unwrap(ByteBuffer[] byteBufferArr, ByteBuffer[] byteBufferArr2) throws SSLException {
        return unwrap(byteBufferArr, 0, byteBufferArr.length, byteBufferArr2, 0, byteBufferArr2.length);
    }

    private ByteBuffer[] singleSrcBuffer(ByteBuffer byteBuffer) {
        this.singleSrcBuffer[0] = byteBuffer;
        return this.singleSrcBuffer;
    }

    private void resetSingleSrcBuffer() {
        this.singleSrcBuffer[0] = null;
    }

    private ByteBuffer[] singleDstBuffer(ByteBuffer byteBuffer) {
        this.singleDstBuffer[0] = byteBuffer;
        return this.singleDstBuffer;
    }

    private void resetSingleDstBuffer() {
        this.singleDstBuffer[0] = null;
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws SSLException {
        try {
            SSLEngineResult unwrap = unwrap(singleSrcBuffer(byteBuffer), 0, 1, byteBufferArr, i, i2);
            resetSingleSrcBuffer();
            return unwrap;
        } catch (Throwable th) {
            resetSingleSrcBuffer();
            throw th;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized SSLEngineResult wrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
        try {
            SSLEngineResult wrap = wrap(singleSrcBuffer(byteBuffer), byteBuffer2);
            resetSingleSrcBuffer();
            return wrap;
        } catch (Throwable th) {
            resetSingleSrcBuffer();
            throw th;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
        try {
            SSLEngineResult unwrap = unwrap(singleSrcBuffer(byteBuffer), singleDstBuffer(byteBuffer2));
            resetSingleSrcBuffer();
            resetSingleDstBuffer();
            return unwrap;
        } catch (Throwable th) {
            resetSingleSrcBuffer();
            resetSingleDstBuffer();
            throw th;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr) throws SSLException {
        try {
            SSLEngineResult unwrap = unwrap(singleSrcBuffer(byteBuffer), byteBufferArr);
            resetSingleSrcBuffer();
            return unwrap;
        } catch (Throwable th) {
            resetSingleSrcBuffer();
            throw th;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final Runnable getDelegatedTask() {
        return null;
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized void closeInbound() throws SSLException {
        if (this.isInboundDone) {
            return;
        }
        this.isInboundDone = true;
        this.engineClosed = true;
        shutdown();
        if (this.handshakeState != HandshakeState.NOT_STARTED && !this.receivedShutdown) {
            throw new SSLException("Inbound closed before receiving peer's close_notify: possible truncation attack?");
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized boolean isInboundDone() {
        return this.isInboundDone || this.engineClosed;
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized void closeOutbound() {
        int shutdownSSL;
        if (this.isOutboundDone) {
            return;
        }
        this.isOutboundDone = true;
        this.engineClosed = true;
        if (this.handshakeState == HandshakeState.NOT_STARTED || isDestroyed()) {
            shutdown();
            return;
        }
        if ((SSL.getShutdown(this.ssl) & 1) == 1 || (shutdownSSL = SSL.shutdownSSL(this.ssl)) >= 0) {
            return;
        }
        switch (SSL.getError(this.ssl, shutdownSSL)) {
            case 0:
            case 2:
            case 3:
            case 4:
            case 6:
            case 7:
            case 8:
                return;
            case 1:
            case 5:
                if (logger.isDebugEnabled()) {
                    logger.debug("SSL_shutdown failed: OpenSSL error: {}", SSL.getLastError());
                }
                shutdown();
                return;
            default:
                SSL.clearError();
                return;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized boolean isOutboundDone() {
        return this.isOutboundDone;
    }

    @Override // javax.net.ssl.SSLEngine
    public final String[] getSupportedCipherSuites() {
        return (String[]) OpenSsl.AVAILABLE_CIPHER_SUITES.toArray(new String[OpenSsl.AVAILABLE_CIPHER_SUITES.size()]);
    }

    @Override // javax.net.ssl.SSLEngine
    public final String[] getEnabledCipherSuites() {
        synchronized (this) {
            if (isDestroyed()) {
                return EmptyArrays.EMPTY_STRINGS;
            }
            String[] ciphers = SSL.getCiphers(this.ssl);
            if (ciphers == null) {
                return EmptyArrays.EMPTY_STRINGS;
            }
            synchronized (this) {
                for (int i = 0; i < ciphers.length; i++) {
                    String javaCipherSuite = toJavaCipherSuite(ciphers[i]);
                    if (javaCipherSuite != null) {
                        ciphers[i] = javaCipherSuite;
                    }
                }
            }
            return ciphers;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final void setEnabledCipherSuites(String[] strArr) {
        String str;
        ObjectUtil.checkNotNull(strArr, "cipherSuites");
        StringBuilder sb = new StringBuilder();
        int length = strArr.length;
        for (int i = 0; i < length && (str = strArr[i]) != null; i++) {
            String openSsl = CipherSuiteConverter.toOpenSsl(str);
            if (openSsl == null) {
                openSsl = str;
            }
            if (!OpenSsl.isCipherSuiteAvailable(openSsl)) {
                throw new IllegalArgumentException("unsupported cipher suite: " + str + '(' + openSsl + ')');
            }
            sb.append(openSsl);
            sb.append(':');
        }
        if (sb.length() == 0) {
            throw new IllegalArgumentException("empty cipher suites");
        }
        sb.setLength(sb.length() - 1);
        String sb2 = sb.toString();
        synchronized (this) {
            if (isDestroyed()) {
                throw new IllegalStateException("failed to enable cipher suites: " + sb2);
            }
            try {
                SSL.setCipherSuites(this.ssl, sb2);
            } catch (Exception e) {
                throw new IllegalStateException("failed to enable cipher suites: " + sb2, e);
            }
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final String[] getSupportedProtocols() {
        return (String[]) OpenSsl.SUPPORTED_PROTOCOLS_SET.toArray(new String[OpenSsl.SUPPORTED_PROTOCOLS_SET.size()]);
    }

    @Override // javax.net.ssl.SSLEngine
    public final String[] getEnabledProtocols() {
        ArrayList arrayList = InternalThreadLocalMap.get().arrayList();
        arrayList.add("SSLv2Hello");
        synchronized (this) {
            if (isDestroyed()) {
                return (String[]) arrayList.toArray(new String[1]);
            }
            int options = SSL.getOptions(this.ssl);
            if ((options & 67108864) == 0) {
                arrayList.add("TLSv1");
            }
            if ((options & 268435456) == 0) {
                arrayList.add("TLSv1.1");
            }
            if ((options & 134217728) == 0) {
                arrayList.add("TLSv1.2");
            }
            if ((options & 16777216) == 0) {
                arrayList.add("SSLv2");
            }
            if ((options & 33554432) == 0) {
                arrayList.add("SSLv3");
            }
            return (String[]) arrayList.toArray(new String[arrayList.size()]);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final void setEnabledProtocols(String[] strArr) {
        if (strArr == null) {
            throw new IllegalArgumentException();
        }
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        for (String str : strArr) {
            if (!OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(str)) {
                throw new IllegalArgumentException("Protocol " + str + " is not supported.");
            }
            if (str.equals("SSLv2")) {
                z = true;
            } else if (str.equals("SSLv3")) {
                z2 = true;
            } else if (str.equals("TLSv1")) {
                z3 = true;
            } else if (str.equals("TLSv1.1")) {
                z4 = true;
            } else if (str.equals("TLSv1.2")) {
                z5 = true;
            }
        }
        synchronized (this) {
            if (isDestroyed()) {
                throw new IllegalStateException("failed to enable protocols: " + Arrays.asList(strArr));
            }
            SSL.setOptions(this.ssl, 4095);
            SSL.clearOptions(this.ssl, 520093696);
            int i = z ? 0 : 0 | 16777216;
            if (!z2) {
                i |= 33554432;
            }
            if (!z3) {
                i |= 67108864;
            }
            if (!z4) {
                i |= 268435456;
            }
            if (!z5) {
                i |= 134217728;
            }
            SSL.setOptions(this.ssl, i);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final SSLSession getSession() {
        return this.session;
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized void beginHandshake() throws SSLException {
        switch (this.handshakeState) {
            case NOT_STARTED:
                break;
            case FINISHED:
                if (!this.clientMode) {
                    if (SSL.renegotiate(this.ssl) != 1 || SSL.doHandshake(this.ssl) != 1) {
                        throw shutdownWithError("renegotiation failed");
                    }
                    SSL.setState(this.ssl, 8192);
                    this.lastAccessed = System.currentTimeMillis();
                    break;
                } else {
                    throw RENEGOTIATION_UNSUPPORTED;
                }
            case STARTED_IMPLICITLY:
                checkEngineClosed(BEGIN_HANDSHAKE_ENGINE_CLOSED);
                this.handshakeState = HandshakeState.STARTED_EXPLICITLY;
                return;
            case STARTED_EXPLICITLY:
                return;
            default:
                throw new Error();
        }
        this.handshakeState = HandshakeState.STARTED_EXPLICITLY;
        handshake();
    }

    private void checkEngineClosed(SSLException sSLException) throws SSLException {
        if (this.engineClosed || isDestroyed()) {
            throw sSLException;
        }
    }

    private static SSLEngineResult.HandshakeStatus pendingStatus(int i) {
        return i > 0 ? SSLEngineResult.HandshakeStatus.NEED_WRAP : SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
    }

    private SSLEngineResult.HandshakeStatus handshake() throws SSLException {
        if (this.handshakeState == HandshakeState.FINISHED) {
            return SSLEngineResult.HandshakeStatus.FINISHED;
        }
        checkEngineClosed(HANDSHAKE_ENGINE_CLOSED);
        SSLHandshakeException sSLHandshakeException = this.handshakeException;
        if (sSLHandshakeException != null) {
            if (SSL.pendingWrittenBytesInBIO(this.networkBIO) > 0) {
                return SSLEngineResult.HandshakeStatus.NEED_WRAP;
            }
            this.handshakeException = null;
            shutdown();
            throw sSLHandshakeException;
        }
        this.engineMap.add(this);
        if (this.lastAccessed == -1) {
            this.lastAccessed = System.currentTimeMillis();
        }
        if (!this.certificateSet && this.keyMaterialManager != null) {
            this.certificateSet = true;
            this.keyMaterialManager.setKeyMaterial(this);
        }
        int doHandshake = SSL.doHandshake(this.ssl);
        if (doHandshake > 0) {
            this.session.handshakeFinished();
            this.engineMap.remove(this.ssl);
            return SSLEngineResult.HandshakeStatus.FINISHED;
        }
        if (this.handshakeException == null) {
            switch (SSL.getError(this.ssl, doHandshake)) {
                case 2:
                case 3:
                    return pendingStatus(SSL.pendingWrittenBytesInBIO(this.networkBIO));
                default:
                    throw shutdownWithError("SSL_do_handshake");
            }
        }
        SSLHandshakeException sSLHandshakeException2 = this.handshakeException;
        this.handshakeException = null;
        shutdown();
        throw sSLHandshakeException2;
    }

    private SSLEngineResult.Status getEngineStatus() {
        return this.engineClosed ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK;
    }

    private SSLEngineResult.HandshakeStatus mayFinishHandshake(SSLEngineResult.HandshakeStatus handshakeStatus) throws SSLException {
        return (handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || this.handshakeState == HandshakeState.FINISHED) ? handshakeStatus : handshake();
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        return needPendingStatus() ? pendingStatus(SSL.pendingWrittenBytesInBIO(this.networkBIO)) : SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
    }

    private SSLEngineResult.HandshakeStatus getHandshakeStatus(int i) {
        return needPendingStatus() ? pendingStatus(i) : SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
    }

    private boolean needPendingStatus() {
        return (this.handshakeState == HandshakeState.NOT_STARTED || isDestroyed() || (this.handshakeState == HandshakeState.FINISHED && !this.engineClosed)) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String toJavaCipherSuite(String str) {
        if (str == null) {
            return null;
        }
        return CipherSuiteConverter.toJava(str, toJavaCipherSuitePrefix(SSL.getVersion(this.ssl)));
    }

    private static String toJavaCipherSuitePrefix(String str) {
        switch ((str == null || str.length() == 0) ? (char) 0 : str.charAt(0)) {
            case 'S':
                return ch.qos.logback.core.net.ssl.SSL.DEFAULT_PROTOCOL;
            case 'T':
                return SslConfigs.DEFAULT_SSL_PROTOCOL;
            default:
                return "UNKNOWN";
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final void setUseClientMode(boolean z) {
        if (z != this.clientMode) {
            throw new UnsupportedOperationException();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final boolean getUseClientMode() {
        return this.clientMode;
    }

    @Override // javax.net.ssl.SSLEngine
    public final void setNeedClientAuth(boolean z) {
        setClientAuth(z ? ClientAuth.REQUIRE : ClientAuth.NONE);
    }

    @Override // javax.net.ssl.SSLEngine
    public final boolean getNeedClientAuth() {
        return this.clientAuth == ClientAuth.REQUIRE;
    }

    @Override // javax.net.ssl.SSLEngine
    public final void setWantClientAuth(boolean z) {
        setClientAuth(z ? ClientAuth.OPTIONAL : ClientAuth.NONE);
    }

    @Override // javax.net.ssl.SSLEngine
    public final boolean getWantClientAuth() {
        return this.clientAuth == ClientAuth.OPTIONAL;
    }

    private void setClientAuth(ClientAuth clientAuth) {
        if (this.clientMode) {
            return;
        }
        synchronized (this) {
            if (this.clientAuth == clientAuth) {
                return;
            }
            switch (clientAuth) {
                case NONE:
                    SSL.setVerify(this.ssl, 0, 10);
                    break;
                case REQUIRE:
                    SSL.setVerify(this.ssl, 2, 10);
                    break;
                case OPTIONAL:
                    SSL.setVerify(this.ssl, 1, 10);
                    break;
                default:
                    throw new Error(clientAuth.toString());
            }
            this.clientAuth = clientAuth;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final void setEnableSessionCreation(boolean z) {
        if (z) {
            throw new UnsupportedOperationException();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public final boolean getEnableSessionCreation() {
        return false;
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized SSLParameters getSSLParameters() {
        SSLParameters sSLParameters = super.getSSLParameters();
        int javaVersion = PlatformDependent.javaVersion();
        if (javaVersion >= 7) {
            sSLParameters.setEndpointIdentificationAlgorithm(this.endPointIdentificationAlgorithm);
            SslParametersUtils.setAlgorithmConstraints(sSLParameters, this.algorithmConstraints);
            if (javaVersion >= 8) {
                if (SET_SERVER_NAMES_METHOD != null && this.sniHostNames != null) {
                    try {
                        SET_SERVER_NAMES_METHOD.invoke(sSLParameters, this.sniHostNames);
                    } catch (IllegalAccessException e) {
                        throw new Error(e);
                    } catch (InvocationTargetException e2) {
                        throw new Error(e2);
                    }
                }
                if (SET_USE_CIPHER_SUITES_ORDER_METHOD != null && !isDestroyed()) {
                    try {
                        Method method = SET_USE_CIPHER_SUITES_ORDER_METHOD;
                        Object[] objArr = new Object[1];
                        objArr[0] = Boolean.valueOf((SSL.getOptions(this.ssl) & 4194304) != 0);
                        method.invoke(sSLParameters, objArr);
                    } catch (IllegalAccessException e3) {
                        throw new Error(e3);
                    } catch (InvocationTargetException e4) {
                        throw new Error(e4);
                    }
                }
            }
        }
        return sSLParameters;
    }

    @Override // javax.net.ssl.SSLEngine
    public final synchronized void setSSLParameters(SSLParameters sSLParameters) {
        super.setSSLParameters(sSLParameters);
        int javaVersion = PlatformDependent.javaVersion();
        if (javaVersion >= 7) {
            this.endPointIdentificationAlgorithm = sSLParameters.getEndpointIdentificationAlgorithm();
            this.algorithmConstraints = sSLParameters.getAlgorithmConstraints();
            if (javaVersion >= 8) {
                if (SNI_HOSTNAME_CLASS != null && this.clientMode && !isDestroyed()) {
                    if (!$assertionsDisabled && GET_SERVER_NAMES_METHOD == null) {
                        throw new AssertionError();
                    }
                    if (!$assertionsDisabled && GET_ASCII_NAME_METHOD == null) {
                        throw new AssertionError();
                    }
                    try {
                        List<?> list = (List) GET_SERVER_NAMES_METHOD.invoke(sSLParameters, new Object[0]);
                        if (list != null) {
                            for (Object obj : list) {
                                if (!SNI_HOSTNAME_CLASS.isInstance(obj)) {
                                    throw new IllegalArgumentException("Only " + SNI_HOSTNAME_CLASS.getName() + " instances are supported, but found: " + obj);
                                }
                                SSL.setTlsExtHostName(this.ssl, (String) GET_ASCII_NAME_METHOD.invoke(obj, new Object[0]));
                            }
                        }
                        this.sniHostNames = list;
                    } catch (IllegalAccessException e) {
                        throw new Error(e);
                    } catch (InvocationTargetException e2) {
                        throw new Error(e2);
                    }
                }
                if (GET_USE_CIPHER_SUITES_ORDER_METHOD == null || isDestroyed()) {
                    return;
                }
                try {
                    if (((Boolean) GET_USE_CIPHER_SUITES_ORDER_METHOD.invoke(sSLParameters, new Object[0])).booleanValue()) {
                        SSL.setOptions(this.ssl, 4194304);
                    } else {
                        SSL.clearOptions(this.ssl, 4194304);
                    }
                } catch (IllegalAccessException e3) {
                    throw new Error(e3);
                } catch (InvocationTargetException e4) {
                    throw new Error(e4);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isDestroyed() {
        return this.destroyed != 0;
    }

    static {
        $assertionsDisabled = !ReferenceCountedOpenSslEngine.class.desiredAssertionStatus();
        logger = InternalLoggerFactory.getInstance((Class<?>) ReferenceCountedOpenSslEngine.class);
        EMPTY_CERTIFICATES = EmptyArrays.EMPTY_CERTIFICATES;
        EMPTY_X509_CERTIFICATES = EmptyArrays.EMPTY_JAVAX_X509_CERTIFICATES;
        BEGIN_HANDSHAKE_ENGINE_CLOSED = (SSLException) ThrowableUtil.unknownStackTrace(new SSLException("engine closed"), ReferenceCountedOpenSslEngine.class, "beginHandshake()");
        HANDSHAKE_ENGINE_CLOSED = (SSLException) ThrowableUtil.unknownStackTrace(new SSLException("engine closed"), ReferenceCountedOpenSslEngine.class, "handshake()");
        RENEGOTIATION_UNSUPPORTED = (SSLException) ThrowableUtil.unknownStackTrace(new SSLException("renegotiation unsupported"), ReferenceCountedOpenSslEngine.class, "beginHandshake()");
        ENCRYPTED_PACKET_OVERSIZED = (SSLException) ThrowableUtil.unknownStackTrace(new SSLException("encrypted packet oversized"), ReferenceCountedOpenSslEngine.class, "unwrap(...)");
        leakDetector = ResourceLeakDetectorFactory.instance().newResourceLeakDetector(ReferenceCountedOpenSslEngine.class);
        AtomicIntegerFieldUpdater<ReferenceCountedOpenSslEngine> newAtomicIntegerFieldUpdater = PlatformDependent.newAtomicIntegerFieldUpdater(ReferenceCountedOpenSslEngine.class, "destroyed");
        if (newAtomicIntegerFieldUpdater == null) {
            newAtomicIntegerFieldUpdater = AtomicIntegerFieldUpdater.newUpdater(ReferenceCountedOpenSslEngine.class, "destroyed");
        }
        DESTROYED_UPDATER = newAtomicIntegerFieldUpdater;
        Method method = null;
        Method method2 = null;
        Class<?> cls = null;
        Method method3 = null;
        Method method4 = null;
        Method method5 = null;
        if (PlatformDependent.javaVersion() >= 8) {
            try {
                method = SSLParameters.class.getDeclaredMethod("getUseCipherSuitesOrder", new Class[0]);
                SSLParameters sSLParameters = new SSLParameters();
                method2 = SSLParameters.class.getDeclaredMethod("setUseCipherSuitesOrder", Boolean.TYPE);
                method2.invoke(sSLParameters, true);
            } catch (Throwable th) {
                method = null;
                method2 = null;
            }
            try {
                cls = Class.forName("javax.net.ssl.SNIHostName", false, PlatformDependent.getClassLoader(ReferenceCountedOpenSslEngine.class));
                Object newInstance = cls.getConstructor(String.class).newInstance("netty.io");
                method3 = cls.getDeclaredMethod("getAsciiName", new Class[0]);
                method4 = SSLParameters.class.getDeclaredMethod("getServerNames", new Class[0]);
                method5 = SSLParameters.class.getDeclaredMethod("setServerNames", List.class);
                SSLParameters sSLParameters2 = new SSLParameters();
                method5.invoke(sSLParameters2, Collections.emptyList());
            } catch (Throwable th2) {
                cls = null;
                method3 = null;
                method4 = null;
                method5 = null;
            }
        }
        GET_USE_CIPHER_SUITES_ORDER_METHOD = method;
        SET_USE_CIPHER_SUITES_ORDER_METHOD = method2;
        SNI_HOSTNAME_CLASS = cls;
        GET_ASCII_NAME_METHOD = method3;
        GET_SERVER_NAMES_METHOD = method4;
        SET_SERVER_NAMES_METHOD = method5;
        EMPTY_ADDR = Buffer.address(Unpooled.EMPTY_BUFFER.nioBuffer());
        NEED_UNWRAP_OK = new SSLEngineResult(SSLEngineResult.Status.OK, SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
        NEED_UNWRAP_CLOSED = new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
        NEED_WRAP_OK = new SSLEngineResult(SSLEngineResult.Status.OK, SSLEngineResult.HandshakeStatus.NEED_WRAP, 0, 0);
        NEED_WRAP_CLOSED = new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NEED_WRAP, 0, 0);
        CLOSED_NOT_HANDSHAKING = new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, 0, 0);
    }
}
