package one.microstream.communication.tls;

import java.io.IOException;
import java.nio.BufferOverflowException;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import one.microstream.com.ComException;
import one.microstream.com.ComExceptionTimeout;
import one.microstream.com.XSockets;
import one.microstream.communication.types.ComConnection;
import one.microstream.util.logging.Logging;
import org.slf4j.Logger;

/* loaded from: input_file:one/microstream/communication/tls/ComTLSConnection.class */
public class ComTLSConnection implements ComConnection {
    private final SocketChannel channel;
    private SSLEngine sslEngine;
    private ByteBuffer sslEncyptedOut;
    private ByteBuffer sslEncryptedIn;
    private ByteBuffer sslDecrypted;
    private int readTimeOut;
    private final SSLContext sslContext;
    private final boolean clientMode;
    private final TLSParametersProvider tlsParameterProvider;
    private final Logger logger = Logging.getLogger(ComConnection.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: one.microstream.communication.tls.ComTLSConnection$1, reason: invalid class name */
    /* loaded from: input_file:one/microstream/communication/tls/ComTLSConnection$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 3;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 4;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    public ComTLSConnection(SocketChannel socketChannel, SSLContext sSLContext, TLSParametersProvider tLSParametersProvider, boolean z) {
        this.readTimeOut = tLSParametersProvider.getHandshakeReadTimeOut();
        this.channel = socketChannel;
        this.sslContext = sSLContext;
        this.clientMode = z;
        this.tlsParameterProvider = tLSParametersProvider;
    }

    public void readCompletely(ByteBuffer byteBuffer) {
        read(byteBuffer, byteBuffer.capacity());
    }

    public void readUnsecure(ByteBuffer byteBuffer) {
        readInternal(byteBuffer);
    }

    public void writeUnsecured(ByteBuffer byteBuffer) {
        XSockets.writeCompletely(this.channel, byteBuffer);
    }

    public ByteBuffer read(ByteBuffer byteBuffer, int i) {
        if (!this.channel.isOpen()) {
            throw new ComException("Can not read from closed channel!");
        }
        ByteBuffer ensureOutBufferSize = ensureOutBufferSize(byteBuffer, i);
        while (ensureOutBufferSize.position() < i) {
            if (this.sslDecrypted.position() == 0) {
                decryptPackage();
            } else {
                appendDecrypedData(ensureOutBufferSize, i);
            }
        }
        return ensureOutBufferSize;
    }

    public void close() {
        if (this.sslEngine != null) {
            closeSSLEngine();
        }
        XSockets.closeChannel(this.channel);
        this.logger.debug("closed connection {}", this);
    }

    private void closeSSLEngine() {
        ByteBuffer allocate = ByteBuffer.allocate(0);
        this.sslEngine.closeOutbound();
        while (!this.sslEngine.isOutboundDone()) {
            this.sslEncyptedOut.clear();
            try {
                if (this.sslEngine.wrap(allocate, this.sslEncyptedOut).getStatus() == SSLEngineResult.Status.OK) {
                    XSockets.writeCompletely(this.channel, this.sslEncyptedOut);
                }
                this.sslEncyptedOut.compact();
            } catch (SSLException e) {
                throw new ComException("failed to encrypt buffer", e);
            }
        }
    }

    public void writeCompletely(ByteBuffer byteBuffer) {
        write(byteBuffer, 0);
    }

    public void write(ByteBuffer byteBuffer, int i) {
        if (!this.channel.isOpen()) {
            throw new ComException("Can not write to closed channel!");
        }
        while (byteBuffer.remaining() > 0) {
            try {
                SSLEngineResult wrap = this.sslEngine.wrap(byteBuffer, this.sslEncyptedOut);
                this.sslEncyptedOut.flip();
                switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[wrap.getStatus().ordinal()]) {
                    case 1:
                        throw new ComException("Unexpected sslEngine wrap result: " + wrap.getStatus());
                    case 2:
                        throw new ComException("Unexpected sslEngine wrap result: " + wrap.getStatus());
                    case 3:
                        throw new ComException("Unexpected sslEngine wrap result: " + wrap.getStatus());
                    case 4:
                        XSockets.writeCompletely(this.channel, this.sslEncyptedOut);
                        this.sslEncyptedOut.clear();
                    default:
                        throw new ComException("Unexpected sslEngine wrap result: " + wrap.getStatus());
                }
            } catch (SSLException e) {
                throw new ComException("failed to encrypt buffer", e);
            }
        }
    }

    private void readInternal(ByteBuffer byteBuffer) {
        if (this.readTimeOut > 0) {
            readInternalWithTimeout(byteBuffer);
        } else {
            readInternalNoTimeout(byteBuffer);
        }
    }

    private void readInternalWithTimeout(ByteBuffer byteBuffer) {
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        try {
            try {
                int intValue = ((Integer) newSingleThreadExecutor.submit(() -> {
                    return Integer.valueOf(this.channel.read(byteBuffer));
                }).get(this.readTimeOut, TimeUnit.MILLISECONDS)).intValue();
                newSingleThreadExecutor.shutdownNow();
                if (intValue < 0) {
                    throw new ComException("reading data during handshake failed");
                }
            } catch (InterruptedException | ExecutionException e) {
                throw new ComException("reading data failed", e);
            } catch (TimeoutException e2) {
                throw new ComExceptionTimeout("read timeout after " + this.readTimeOut + " " + TimeUnit.MILLISECONDS, e2);
            }
        } catch (Throwable th) {
            newSingleThreadExecutor.shutdownNow();
            throw th;
        }
    }

    private SSLEngineResult.HandshakeStatus unwrapHandshakeData() throws IOException {
        SSLEngineResult.HandshakeStatus handshakeStatus = this.sslEngine.getHandshakeStatus();
        if (this.sslEncryptedIn.position() == 0) {
            readInternal(this.sslEncryptedIn);
        }
        this.sslEncryptedIn.flip();
        while (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP && this.sslEncryptedIn.hasRemaining()) {
            SSLEngineResult unwrap = this.sslEngine.unwrap(this.sslEncryptedIn, this.sslDecrypted);
            handshakeStatus = unwrap.getHandshakeStatus();
            SSLEngineResult.Status status = unwrap.getStatus();
            if (status != SSLEngineResult.Status.OK) {
                if (status == SSLEngineResult.Status.CLOSED || status == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    throw new ComException("TLS Handshake failed with engine status " + status);
                }
                if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                    readInternal(this.sslEncryptedIn);
                }
            }
        }
        this.sslEncryptedIn.compact();
        return handshakeStatus;
    }

    private SSLEngineResult.HandshakeStatus wrapHandshakeData(ByteBuffer byteBuffer) throws IOException {
        this.sslEncyptedOut.clear();
        SSLEngineResult wrap = this.sslEngine.wrap(byteBuffer, this.sslEncyptedOut);
        SSLEngineResult.HandshakeStatus handshakeStatus = wrap.getHandshakeStatus();
        if (wrap.getStatus() == SSLEngineResult.Status.OK) {
            this.sslEncyptedOut.flip();
            this.channel.write(this.sslEncyptedOut);
            this.sslEncyptedOut.compact();
        }
        return handshakeStatus;
    }

    private SSLEngineResult.HandshakeStatus executeHandshakeTask() {
        Runnable delegatedTask = this.sslEngine.getDelegatedTask();
        if (delegatedTask != null) {
            Thread thread = new Thread(delegatedTask);
            thread.start();
            try {
                thread.join();
            } catch (InterruptedException e) {
                throw new ComException("Error in SSLEngine handshake task ", e);
            }
        }
        return this.sslEngine.getHandshakeStatus();
    }

    private void doHandshake() throws IOException {
        ByteBuffer allocate = ByteBuffer.allocate(this.sslEngine.getSession().getApplicationBufferSize());
        this.sslEngine.beginHandshake();
        SSLEngineResult.HandshakeStatus handshakeStatus = this.sslEngine.getHandshakeStatus();
        while (true) {
            SSLEngineResult.HandshakeStatus handshakeStatus2 = handshakeStatus;
            if (handshakeStatus2 == SSLEngineResult.HandshakeStatus.FINISHED || handshakeStatus2 == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                return;
            }
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[handshakeStatus2.ordinal()]) {
                case 1:
                    handshakeStatus = unwrapHandshakeData();
                    break;
                case 2:
                    handshakeStatus = wrapHandshakeData(allocate);
                    break;
                case 3:
                    handshakeStatus = executeHandshakeTask();
                    break;
                default:
                    throw new ComException("Unexpected handshake status: " + handshakeStatus2);
            }
        }
    }

    private void decryptPackage() {
        boolean z = true;
        if (this.sslEncryptedIn.position() > 0) {
            this.sslEncryptedIn.flip();
            SSLEngineResult unwrapData = unwrapData();
            if (unwrapData.getStatus() == SSLEngineResult.Status.OK) {
                z = false;
                this.sslEncryptedIn.compact();
            }
            if (unwrapData.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                this.sslEncryptedIn.position(this.sslEncryptedIn.limit());
                this.sslEncryptedIn.limit(this.sslEncryptedIn.capacity());
            }
            if (unwrapData.getStatus() == SSLEngineResult.Status.CLOSED) {
                close();
            }
        }
        if (z) {
            readInternal(this.sslEncryptedIn);
        }
    }

    private void appendDecrypedData(ByteBuffer byteBuffer, int i) {
        this.sslDecrypted.flip();
        int min = Math.min(i, this.sslDecrypted.limit());
        try {
            byteBuffer.put(this.sslDecrypted.array(), 0, min);
            this.sslDecrypted.position(min);
            this.sslDecrypted.compact();
        } catch (IndexOutOfBoundsException | BufferOverflowException e) {
            throw new ComException("faild to copy to out buffer", e);
        }
    }

    private void readInternalNoTimeout(ByteBuffer byteBuffer) {
        try {
            if (this.channel.read(byteBuffer) < 0) {
                throw new ComException("reached end of stream unexpected");
            }
        } catch (IOException e) {
            throw new ComException("failed reading from channel", e);
        }
    }

    private ByteBuffer ensureOutBufferSize(ByteBuffer byteBuffer, int i) {
        ByteBuffer byteBuffer2;
        if (byteBuffer.capacity() < i) {
            byteBuffer2 = ByteBuffer.allocateDirect(i);
        } else {
            byteBuffer2 = byteBuffer;
            byteBuffer2.clear();
        }
        return byteBuffer2;
    }

    private SSLEngineResult unwrapData() {
        try {
            return this.sslEngine.unwrap(this.sslEncryptedIn, this.sslDecrypted);
        } catch (SSLException e) {
            throw new ComException("failed to decrypt buffer", e);
        }
    }

    public void enableSecurity() {
        this.sslEngine = this.sslContext.createSSLEngine();
        this.sslEngine.setUseClientMode(this.clientMode);
        this.sslEngine.setSSLParameters(this.tlsParameterProvider.getSSLParameters());
        this.sslEncryptedIn = ByteBuffer.allocate(this.sslEngine.getSession().getPacketBufferSize());
        this.sslEncyptedOut = ByteBuffer.allocate(this.sslEngine.getSession().getPacketBufferSize());
        this.sslDecrypted = ByteBuffer.allocate(this.sslEngine.getSession().getPacketBufferSize());
        try {
            doHandshake();
            this.logger.debug("SSLSession established {} {}", this.sslEngine.getSession().getProtocol(), this.sslEngine.getSession().getCipherSuite());
        } catch (IOException e) {
            throw new ComException("TLS handshake failed ", e);
        }
    }

    public void setTimeOut(int i) {
        this.readTimeOut = i;
    }
}
