package org.opends.server.extensions;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.ByteChannel;
import java.nio.channels.ClosedChannelException;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.forgerock.i18n.slf4j.LocalizedLogger;

/* loaded from: input_file:org/opends/server/extensions/TLSByteChannel.class */
public final class TLSByteChannel implements ConnectionSecurityProvider {
    static final Map<String, Integer> CIPHER_MAP;
    private static final ByteBuffer EMPTY_BUFFER;
    private static final LocalizedLogger logger;
    private final ByteChannel channel;
    private final SSLEngine sslEngine;
    private volatile SSLException sslException;
    private ByteBuffer recvWrappedBuffer;
    private ByteBuffer recvUnwrappedBuffer;
    private ByteBuffer sendWrappedBuffer;
    private final ByteChannelImpl pimpl = new ByteChannelImpl(this, null);
    private final Object handshakeLock = new Object();
    private final Object unwrapLock = new Object();
    private final Object wrapLock = new Object();
    private final Object readLock = new Object();
    private final Object writeLock = new Object();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.opends.server.extensions.TLSByteChannel$1, reason: invalid class name */
    /* loaded from: input_file:org/opends/server/extensions/TLSByteChannel$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    /* loaded from: input_file:org/opends/server/extensions/TLSByteChannel$ByteChannelImpl.class */
    private final class ByteChannelImpl implements ByteChannel {
        private ByteChannelImpl() {
        }

        @Override // java.nio.channels.Channel, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            synchronized (TLSByteChannel.this.readLock) {
                synchronized (TLSByteChannel.this.writeLock) {
                    boolean z = !TLSByteChannel.this.sslEngine.isInboundDone();
                    try {
                        if (!TLSByteChannel.this.sslEngine.isOutboundDone()) {
                            TLSByteChannel.this.sslEngine.closeOutbound();
                            do {
                            } while (doWrapAndSend(TLSByteChannel.EMPTY_BUFFER) > 0);
                        }
                        try {
                            try {
                                TLSByteChannel.this.sslEngine.closeInbound();
                                TLSByteChannel.this.channel.close();
                            } catch (SSLException e) {
                                if (!z) {
                                    throw e;
                                }
                                TLSByteChannel.this.channel.close();
                            }
                        } finally {
                        }
                    } catch (ClosedChannelException e2) {
                        try {
                            try {
                                TLSByteChannel.this.sslEngine.closeInbound();
                                TLSByteChannel.this.channel.close();
                            } catch (SSLException e3) {
                                if (!z) {
                                    throw e3;
                                }
                                TLSByteChannel.this.channel.close();
                            }
                        } finally {
                        }
                    } catch (Throwable th) {
                        try {
                            try {
                                TLSByteChannel.this.sslEngine.closeInbound();
                                TLSByteChannel.this.channel.close();
                            } catch (SSLException e4) {
                                if (!z) {
                                    throw e4;
                                }
                                TLSByteChannel.this.channel.close();
                            }
                            throw th;
                        } finally {
                            TLSByteChannel.this.channel.close();
                        }
                    }
                }
            }
        }

        @Override // java.nio.channels.Channel
        public boolean isOpen() {
            return (TLSByteChannel.this.sslEngine.isOutboundDone() && TLSByteChannel.this.sslEngine.isInboundDone()) ? false : true;
        }

        @Override // java.nio.channels.ReadableByteChannel
        public int read(ByteBuffer byteBuffer) throws IOException {
            int doRecvAndUnwrap;
            synchronized (TLSByteChannel.this.readLock) {
                if (!TLSByteChannel.this.recvUnwrappedBuffer.hasRemaining() && (doRecvAndUnwrap = doRecvAndUnwrap()) <= 0) {
                    return doRecvAndUnwrap;
                }
                int position = byteBuffer.position();
                if (TLSByteChannel.this.recvUnwrappedBuffer.remaining() > byteBuffer.remaining()) {
                    while (byteBuffer.hasRemaining()) {
                        byteBuffer.put(TLSByteChannel.this.recvUnwrappedBuffer.get());
                    }
                } else {
                    byteBuffer.put(TLSByteChannel.this.recvUnwrappedBuffer);
                }
                return byteBuffer.position() - position;
            }
        }

        @Override // java.nio.channels.WritableByteChannel
        public int write(ByteBuffer byteBuffer) throws IOException {
            int remaining = byteBuffer.remaining();
            synchronized (TLSByteChannel.this.writeLock) {
                while (byteBuffer.hasRemaining()) {
                    doWrapAndSend(byteBuffer);
                    if (isHandshaking(TLSByteChannel.this.sslEngine.getHandshakeStatus())) {
                        doHandshake(false);
                    }
                }
            }
            return remaining;
        }

        private void abortOnSSLException() throws IOException {
            if (TLSByteChannel.this.sslException != null) {
                throw TLSByteChannel.this.sslException;
            }
        }

        private void doHandshake(boolean z) throws IOException {
            synchronized (TLSByteChannel.this.handshakeLock) {
                while (true) {
                    switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[TLSByteChannel.this.sslEngine.getHandshakeStatus().ordinal()]) {
                        case 1:
                            while (true) {
                                Runnable delegatedTask = TLSByteChannel.this.sslEngine.getDelegatedTask();
                                if (delegatedTask != null) {
                                    delegatedTask.run();
                                }
                            }
                            break;
                        case 2:
                            if (!z) {
                                if (doRecvAndUnwrap() >= 0) {
                                    break;
                                } else {
                                    throw new ClosedChannelException();
                                }
                            } else {
                                return;
                            }
                        case 3:
                            doWrapAndSend(TLSByteChannel.EMPTY_BUFFER);
                            break;
                        default:
                            return;
                    }
                }
            }
        }

        private int doRecvAndUnwrap() throws IOException {
            synchronized (TLSByteChannel.this.unwrapLock) {
                while (true) {
                    abortOnSSLException();
                    TLSByteChannel.this.recvUnwrappedBuffer.compact();
                    try {
                        try {
                            SSLEngineResult unwrap = TLSByteChannel.this.sslEngine.unwrap(TLSByteChannel.this.recvWrappedBuffer, TLSByteChannel.this.recvUnwrappedBuffer);
                            TLSByteChannel.this.recvUnwrappedBuffer.flip();
                            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()]) {
                                case 1:
                                    ByteBuffer allocate = ByteBuffer.allocate(TLSByteChannel.this.recvUnwrappedBuffer.limit() + TLSByteChannel.this.sslEngine.getSession().getApplicationBufferSize());
                                    allocate.put(TLSByteChannel.this.recvUnwrappedBuffer);
                                    allocate.flip();
                                    TLSByteChannel.this.recvUnwrappedBuffer = allocate;
                                    break;
                                case 2:
                                    int packetBufferSize = TLSByteChannel.this.sslEngine.getSession().getPacketBufferSize();
                                    if (packetBufferSize > TLSByteChannel.this.recvWrappedBuffer.capacity()) {
                                        ByteBuffer allocate2 = ByteBuffer.allocate(packetBufferSize);
                                        allocate2.put(TLSByteChannel.this.recvWrappedBuffer);
                                        allocate2.flip();
                                        TLSByteChannel.this.recvWrappedBuffer = allocate2;
                                    }
                                    TLSByteChannel.this.recvWrappedBuffer.compact();
                                    int read = TLSByteChannel.this.channel.read(TLSByteChannel.this.recvWrappedBuffer);
                                    TLSByteChannel.this.recvWrappedBuffer.flip();
                                    if (read > 0) {
                                        break;
                                    } else {
                                        return read;
                                    }
                                case 3:
                                    return -1;
                                default:
                                    if (!TLSByteChannel.this.recvUnwrappedBuffer.hasRemaining()) {
                                        if (!isHandshaking(unwrap.getHandshakeStatus())) {
                                            break;
                                        } else {
                                            doHandshake(true);
                                            break;
                                        }
                                    } else {
                                        return TLSByteChannel.this.recvUnwrappedBuffer.remaining();
                                    }
                            }
                        } catch (SSLException e) {
                            TLSByteChannel.this.sslException = e;
                            throw e;
                        }
                    } catch (Throwable th) {
                        TLSByteChannel.this.recvUnwrappedBuffer.flip();
                        throw th;
                    }
                }
            }
        }

        private int doWrapAndSend(ByteBuffer byteBuffer) throws IOException {
            int position;
            synchronized (TLSByteChannel.this.wrapLock) {
                while (true) {
                    abortOnSSLException();
                    try {
                        switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[TLSByteChannel.this.sslEngine.wrap(byteBuffer, TLSByteChannel.this.sendWrappedBuffer).getStatus().ordinal()]) {
                            case 1:
                                ByteBuffer allocate = ByteBuffer.allocate(TLSByteChannel.this.sendWrappedBuffer.position() + TLSByteChannel.this.sslEngine.getSession().getPacketBufferSize());
                                TLSByteChannel.this.sendWrappedBuffer.flip();
                                allocate.put(TLSByteChannel.this.sendWrappedBuffer);
                                TLSByteChannel.this.sendWrappedBuffer = allocate;
                            case 2:
                                TLSByteChannel.this.sslException = new SSLException("Got unexpected underflow while wrapping");
                                throw TLSByteChannel.this.sslException;
                            case 3:
                                throw new ClosedChannelException();
                            default:
                                TLSByteChannel.this.sendWrappedBuffer.flip();
                                while (TLSByteChannel.this.sendWrappedBuffer.hasRemaining()) {
                                    TLSByteChannel.this.channel.write(TLSByteChannel.this.sendWrappedBuffer);
                                }
                                position = TLSByteChannel.this.sendWrappedBuffer.position();
                                TLSByteChannel.this.sendWrappedBuffer.clear();
                                break;
                        }
                    } catch (SSLException e) {
                        TLSByteChannel.this.sslException = e;
                        throw e;
                    }
                }
            }
            return position;
        }

        private boolean isHandshaking(SSLEngineResult.HandshakeStatus handshakeStatus) {
            return handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        }

        /* synthetic */ ByteChannelImpl(TLSByteChannel tLSByteChannel, AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    public TLSByteChannel(ByteChannel byteChannel, SSLEngine sSLEngine) {
        this.channel = byteChannel;
        this.sslEngine = sSLEngine;
        SSLSession session = sSLEngine.getSession();
        int packetBufferSize = session.getPacketBufferSize();
        int applicationBufferSize = session.getApplicationBufferSize();
        this.sendWrappedBuffer = ByteBuffer.allocate(packetBufferSize);
        this.recvWrappedBuffer = ByteBuffer.allocate(packetBufferSize);
        this.recvUnwrappedBuffer = ByteBuffer.allocate(applicationBufferSize);
        this.recvWrappedBuffer.flip();
        this.recvUnwrappedBuffer.flip();
    }

    @Override // org.opends.server.extensions.ConnectionSecurityProvider
    public ByteChannel getChannel() {
        return this.pimpl;
    }

    @Override // org.opends.server.extensions.ConnectionSecurityProvider
    public Certificate[] getClientCertificateChain() {
        try {
            return this.sslEngine.getSession().getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            logger.traceException(e);
            return new Certificate[0];
        }
    }

    @Override // org.opends.server.extensions.ConnectionSecurityProvider
    public String getName() {
        return "TLS";
    }

    @Override // org.opends.server.extensions.ConnectionSecurityProvider
    public int getSSF() {
        Integer ssf = getSSF(this.sslEngine.getSession().getCipherSuite());
        if (ssf != null) {
            return ssf.intValue();
        }
        return 0;
    }

    static Integer getSSF(String str) {
        for (Map.Entry<String, Integer> entry : CIPHER_MAP.entrySet()) {
            if (str.contains(entry.getKey())) {
                return entry.getValue();
            }
        }
        return null;
    }

    @Override // org.opends.server.extensions.ConnectionSecurityProvider
    public boolean isSecure() {
        return true;
    }

    static {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("_WITH_AES_256_", 256);
        linkedHashMap.put("_WITH_ARIA_256_", 256);
        linkedHashMap.put("_WITH_CAMELLIA_256_", 256);
        linkedHashMap.put("_WITH_AES_128_", 128);
        linkedHashMap.put("_WITH_ARIA_128_", 128);
        linkedHashMap.put("_WITH_SEED_", 128);
        linkedHashMap.put("_WITH_CAMELLIA_128_", 128);
        linkedHashMap.put("_WITH_IDEA_", 128);
        linkedHashMap.put("_WITH_RC4_128_", 128);
        linkedHashMap.put("_WITH_3DES_EDE_", 112);
        linkedHashMap.put("_WITH_FORTEZZA_", 96);
        linkedHashMap.put("_WITH_RC4_56_", 56);
        linkedHashMap.put("_WITH_DES_CBC_40_", 40);
        linkedHashMap.put("_WITH_RC2_CBC_40_", 40);
        linkedHashMap.put("_WITH_RC4_40_", 40);
        linkedHashMap.put("_WITH_DES40_", 40);
        linkedHashMap.put("_WITH_DES_", 56);
        linkedHashMap.put("_WITH_NULL_", 0);
        CIPHER_MAP = Collections.unmodifiableMap(linkedHashMap);
        EMPTY_BUFFER = ByteBuffer.allocate(0);
        logger = LocalizedLogger.getLoggerForThisClass();
    }
}
