package io.questdb.cutlass.line.tcp;

import io.questdb.client.Sender;
import io.questdb.cutlass.line.LineChannel;
import io.questdb.cutlass.line.LineSenderException;
import io.questdb.log.Log;
import io.questdb.log.LogFactory;
import io.questdb.std.Misc;
import io.questdb.std.Unsafe;
import io.questdb.std.Vect;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.nio.Buffer;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:io/questdb/cutlass/line/tcp/DelegatingTlsChannel.class */
public final class DelegatingTlsChannel implements LineChannel {
    private static final Log LOG;
    private static final int INITIAL_BUFFER_CAPACITY = 65536;
    private static final long ADDRESS_FIELD_OFFSET;
    private static final long LIMIT_FIELD_OFFSET;
    private static final long CAPACITY_FIELD_OFFSET;
    private static final int INITIAL_STATE = 0;
    private static final int AFTER_HANDSHAKE = 1;
    private static final int CLOSING = 2;
    private static final int CLOSED = 3;
    private static final TrustManager[] BLIND_TRUST_MANAGERS;
    private LineChannel delegate;
    private final SSLEngine sslEngine;
    private ByteBuffer wrapOutputBuffer;
    private ByteBuffer unwrapInputBuffer;
    private ByteBuffer unwrapOutputBuffer;
    private final ByteBuffer dummyBuffer;
    private long wrapOutputBufferPtr;
    private long unwrapInputBufferPtr;
    private long unwrapOutputBufferPtr;
    static final /* synthetic */ boolean $assertionsDisabled;
    private int state = 0;
    private final ByteBuffer wrapInputBuffer = ByteBuffer.allocateDirect(0);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.questdb.cutlass.line.tcp.DelegatingTlsChannel$2, reason: invalid class name */
    /* loaded from: input_file:io/questdb/cutlass/line/tcp/DelegatingTlsChannel$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 5;
            } catch (NoSuchFieldError e9) {
            }
        }
    }

    public DelegatingTlsChannel(LineChannel lineChannel, String str, char[] cArr, Sender.TlsValidationMode tlsValidationMode, String str2) {
        this.delegate = lineChannel;
        this.sslEngine = createSslEngine(str, cArr, tlsValidationMode, str2);
        int intValue = Integer.getInteger("questdb.experimental.tls.buffersize", INITIAL_BUFFER_CAPACITY).intValue();
        this.wrapOutputBuffer = ByteBuffer.allocateDirect(0);
        this.unwrapInputBuffer = ByteBuffer.allocateDirect(0);
        this.unwrapOutputBuffer = ByteBuffer.allocateDirect(0);
        this.wrapOutputBufferPtr = allocateMemoryAndResetBuffer(this.wrapOutputBuffer, intValue);
        this.unwrapInputBufferPtr = allocateMemoryAndResetBuffer(this.unwrapInputBuffer, intValue);
        this.unwrapOutputBufferPtr = allocateMemoryAndResetBuffer(this.unwrapOutputBuffer, intValue);
        this.dummyBuffer = ByteBuffer.allocate(0);
        try {
            handshakeLoop();
        } catch (Throwable th) {
            close0(false);
            throw new LineSenderException("could not perform TLS handshake", th);
        }
    }

    private static SSLEngine createSslEngine(String str, char[] cArr, Sender.TlsValidationMode tlsValidationMode, String str2) {
        SSLContext sSLContext;
        if (!$assertionsDisabled && str != null && tlsValidationMode != Sender.TlsValidationMode.DEFAULT) {
            throw new AssertionError();
        }
        try {
            if (str != null) {
                sSLContext = SSLContext.getInstance("TLS");
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                KeyStore keyStore = KeyStore.getInstance("JKS");
                InputStream openTruststoreStream = openTruststoreStream(str);
                Throwable th = null;
                try {
                    try {
                        keyStore.load(openTruststoreStream, cArr);
                        if (openTruststoreStream != null) {
                            if (0 != 0) {
                                try {
                                    openTruststoreStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                openTruststoreStream.close();
                            }
                        }
                        trustManagerFactory.init(keyStore);
                        sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
                    } finally {
                    }
                } finally {
                }
            } else if (tlsValidationMode == Sender.TlsValidationMode.INSECURE) {
                sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, BLIND_TRUST_MANAGERS, new SecureRandom());
            } else {
                sSLContext = SSLContext.getDefault();
            }
            SSLEngine createSSLEngine = sSLContext.createSSLEngine(str2, -1);
            if (tlsValidationMode != Sender.TlsValidationMode.INSECURE) {
                SSLParameters sSLParameters = createSSLEngine.getSSLParameters();
                sSLParameters.setEndpointIdentificationAlgorithm("https");
                createSSLEngine.setSSLParameters(sSLParameters);
            }
            createSSLEngine.setUseClientMode(true);
            return createSSLEngine;
        } catch (Throwable th3) {
            if (th3 instanceof LineSenderException) {
                throw ((LineSenderException) th3);
            }
            throw new LineSenderException("could not create SSL engine", th3);
        }
    }

    private static InputStream openTruststoreStream(String str) throws FileNotFoundException {
        if (!str.startsWith("classpath:")) {
            return new FileInputStream(str);
        }
        InputStream resourceAsStream = DelegatingTlsChannel.class.getResourceAsStream(str.substring("classpath:".length()));
        if (resourceAsStream == null) {
            throw new LineSenderException("configured trust store is unavailable ").put("[path=").put(str).put("]");
        }
        return resourceAsStream;
    }

    @Override // io.questdb.cutlass.line.LineChannel
    public void send(long j, int i) {
        try {
            resetBufferToPointer(this.wrapInputBuffer, j, i);
            this.wrapInputBuffer.position(0);
            wrapLoop(this.wrapInputBuffer);
            if ($assertionsDisabled || !this.wrapInputBuffer.hasRemaining()) {
            } else {
                throw new AssertionError();
            }
        } catch (SSLException e) {
            throw new LineSenderException("error while sending data to questdb server", e);
        }
    }

    private void handshakeLoop() throws SSLException {
        if (this.state != 0) {
            return;
        }
        this.sslEngine.beginHandshake();
        while (true) {
            SSLEngineResult.HandshakeStatus handshakeStatus = this.sslEngine.getHandshakeStatus();
            switch (AnonymousClass2.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[handshakeStatus.ordinal()]) {
                case 1:
                    this.state = 1;
                    return;
                case 2:
                    this.sslEngine.getDelegatedTask().run();
                    break;
                case 3:
                    wrapLoop(this.dummyBuffer);
                    break;
                case 4:
                    unwrapLoop();
                    break;
                case 5:
                    throw new LineSenderException("getHandshakeStatus() returned FINISHED. It should not have been possible.");
                default:
                    throw new LineSenderException(handshakeStatus + "not supported");
            }
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0018. Please report as an issue. */
    private void wrapLoop(ByteBuffer byteBuffer) throws SSLException {
        do {
            switch (AnonymousClass2.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[this.sslEngine.wrap(byteBuffer, this.wrapOutputBuffer).getStatus().ordinal()]) {
                case 1:
                    throw new LineSenderException("should not happen");
                case 2:
                    growWrapOutputBuffer();
                    break;
                case 3:
                    writeToUpstreamAndClear();
                    break;
                case 4:
                    if (this.state != 2) {
                        throw new LineSenderException("server closed connection unexpectedly");
                    }
                    return;
            }
        } while (byteBuffer.hasRemaining());
    }

    private void unwrapLoop() throws SSLException {
        while (this.unwrapOutputBuffer.position() == 0) {
            readFromUpstream(false);
            this.unwrapInputBuffer.flip();
            SSLEngineResult unwrap = this.sslEngine.unwrap(this.unwrapInputBuffer, this.unwrapOutputBuffer);
            this.unwrapInputBuffer.compact();
            switch (AnonymousClass2.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()]) {
                case 1:
                    readFromUpstream(true);
                    break;
                case 2:
                    if (this.unwrapOutputBuffer.position() == 0) {
                        growUnwrapOutputBuffer();
                        break;
                    } else {
                        return;
                    }
                case 3:
                    return;
                case 4:
                    throw new LineSenderException("server closed connection unexpectedly");
            }
        }
    }

    private void writeToUpstreamAndClear() {
        if (!$assertionsDisabled && this.wrapOutputBuffer.limit() != this.wrapOutputBuffer.capacity()) {
            throw new AssertionError();
        }
        int position = this.wrapOutputBuffer.position();
        if (!$assertionsDisabled && Unsafe.getUnsafe().getLong(this.wrapOutputBuffer, ADDRESS_FIELD_OFFSET) != this.wrapOutputBufferPtr) {
            throw new AssertionError();
        }
        this.delegate.send(this.wrapOutputBufferPtr, position);
        this.wrapOutputBuffer.position(0);
    }

    private void readFromUpstream(boolean z) {
        if (this.unwrapInputBuffer.position() == 0 || z) {
            if (!$assertionsDisabled && this.unwrapInputBuffer.limit() != this.unwrapInputBuffer.capacity()) {
                throw new AssertionError();
            }
            int remaining = this.unwrapInputBuffer.remaining();
            if (remaining == 0) {
                growUnwrapInputBuffer();
                remaining = this.unwrapInputBuffer.remaining();
            }
            if (!$assertionsDisabled && Unsafe.getUnsafe().getLong(this.unwrapInputBuffer, ADDRESS_FIELD_OFFSET) != this.unwrapInputBufferPtr) {
                throw new AssertionError();
            }
            int receive = this.delegate.receive(this.unwrapInputBufferPtr + this.unwrapInputBuffer.position(), remaining);
            if (receive < 0) {
                throw new LineSenderException("connection closed");
            }
            this.unwrapInputBuffer.position(this.unwrapInputBuffer.position() + receive);
        }
    }

    @Override // io.questdb.cutlass.line.LineChannel
    public int receive(long j, int i) {
        try {
            unwrapLoop();
            this.unwrapOutputBuffer.flip();
            int unwrapOutputBufferToPtr = unwrapOutputBufferToPtr(j, i);
            this.unwrapOutputBuffer.compact();
            return unwrapOutputBufferToPtr;
        } catch (SSLException e) {
            throw new LineSenderException("could not unwrap SSL packet", e);
        }
    }

    private int unwrapOutputBufferToPtr(long j, int i) {
        int position = this.unwrapOutputBuffer.position();
        if (!$assertionsDisabled && Unsafe.getUnsafe().getLong(Long.valueOf(this.unwrapOutputBufferPtr), ADDRESS_FIELD_OFFSET) != this.unwrapOutputBufferPtr) {
            throw new AssertionError();
        }
        long j2 = this.unwrapOutputBufferPtr + position;
        int min = Math.min(i, this.unwrapOutputBuffer.remaining());
        Vect.memcpy(j, j2, min);
        this.unwrapOutputBuffer.position(position + min);
        return min;
    }

    private void growWrapOutputBuffer() {
        this.wrapOutputBufferPtr = expandBuffer(this.wrapOutputBuffer, this.wrapOutputBufferPtr);
    }

    private void growUnwrapOutputBuffer() {
        this.unwrapOutputBufferPtr = expandBuffer(this.unwrapOutputBuffer, this.unwrapOutputBufferPtr);
    }

    private void growUnwrapInputBuffer() {
        this.unwrapInputBufferPtr = expandBuffer(this.unwrapInputBuffer, this.unwrapInputBufferPtr);
    }

    private static long expandBuffer(ByteBuffer byteBuffer, long j) {
        int capacity = byteBuffer.capacity();
        int i = capacity * 2;
        long realloc = Unsafe.realloc(j, capacity, i, 1);
        resetBufferToPointer(byteBuffer, realloc, i);
        return realloc;
    }

    private static long allocateMemoryAndResetBuffer(ByteBuffer byteBuffer, int i) {
        long malloc = Unsafe.malloc(i, 1);
        resetBufferToPointer(byteBuffer, malloc, i);
        return malloc;
    }

    private static void resetBufferToPointer(ByteBuffer byteBuffer, long j, int i) {
        if (!$assertionsDisabled && !byteBuffer.isDirect()) {
            throw new AssertionError();
        }
        Unsafe.getUnsafe().putLong(byteBuffer, ADDRESS_FIELD_OFFSET, j);
        Unsafe.getUnsafe().putLong(byteBuffer, LIMIT_FIELD_OFFSET, i);
        Unsafe.getUnsafe().putLong(byteBuffer, CAPACITY_FIELD_OFFSET, i);
    }

    @Override // io.questdb.cutlass.line.LineChannel
    public int errno() {
        return this.delegate.errno();
    }

    public void close0(boolean z) {
        int i = this.state;
        if (i == 3) {
            return;
        }
        this.state = 2;
        if (i == 1) {
            try {
                this.sslEngine.closeOutbound();
                wrapLoop(this.dummyBuffer);
                writeToUpstreamAndClear();
            } catch (Throwable th) {
                LOG.error().$((CharSequence) "could not send TLS close_notify alert").$(th).$();
            }
        }
        this.state = 3;
        if (z) {
            this.delegate = (LineChannel) Misc.free(this.delegate);
        }
        int capacity = this.wrapOutputBuffer.capacity();
        long j = this.wrapOutputBufferPtr;
        this.wrapOutputBuffer = null;
        this.wrapOutputBufferPtr = 0L;
        Unsafe.free(j, capacity, 1);
        int capacity2 = this.unwrapInputBuffer.capacity();
        long j2 = this.unwrapInputBufferPtr;
        this.unwrapInputBuffer = null;
        this.unwrapInputBufferPtr = 0L;
        Unsafe.free(j2, capacity2, 1);
        int capacity3 = this.unwrapOutputBuffer.capacity();
        long j3 = this.unwrapOutputBufferPtr;
        this.unwrapOutputBuffer = null;
        this.unwrapOutputBufferPtr = 0L;
        Unsafe.free(j3, capacity3, 1);
    }

    @Override // io.questdb.cutlass.line.LineChannel, java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        close0(true);
    }

    static {
        $assertionsDisabled = !DelegatingTlsChannel.class.desiredAssertionStatus();
        LOG = LogFactory.getLog(DelegatingTlsChannel.class);
        BLIND_TRUST_MANAGERS = new TrustManager[]{new X509TrustManager() { // from class: io.questdb.cutlass.line.tcp.DelegatingTlsChannel.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }};
        try {
            Field declaredField = Buffer.class.getDeclaredField("address");
            Field declaredField2 = Buffer.class.getDeclaredField("limit");
            Field declaredField3 = Buffer.class.getDeclaredField("capacity");
            ADDRESS_FIELD_OFFSET = Unsafe.getUnsafe().objectFieldOffset(declaredField);
            LIMIT_FIELD_OFFSET = Unsafe.getUnsafe().objectFieldOffset(declaredField2);
            CAPACITY_FIELD_OFFSET = Unsafe.getUnsafe().objectFieldOffset(declaredField3);
        } catch (NoSuchFieldException e) {
            throw new ExceptionInInitializerError(e);
        }
    }
}
