package net.hasor.neta.handler.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import net.hasor.cobble.ArrayUtils;
import net.hasor.cobble.ResourcesUtils;
import net.hasor.cobble.logging.Logger;
import net.hasor.neta.bytebuf.ByteBuf;
import net.hasor.neta.channel.ProtoContext;
import net.hasor.neta.channel.SoContext;
import net.hasor.neta.handler.ProtoRcvQueue;
import net.hasor.neta.handler.ProtoSndQueue;
import net.hasor.neta.handler.ProtoStatus;

/* loaded from: input_file:net/hasor/neta/handler/ssl/SslContextBasic.class */
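/**
 * Base implementation of {@link SslContext} that owns the JSSE {@link SSLContext}, the wrapped
 * engine and the handshake/record handler for one channel.
 *
 * <p>Subclasses supply {@link #createSSLContext()} and
 * {@link #configSslEngine(SSLContext, SSLEngine)}; this class provides the key/trust material
 * helpers and the receive/send entry points.
 *
 * <p><b>Security note:</b> TLS is applied only while {@link #isActive()} is {@code true}. With any
 * mode other than {@link SslMode#Always} the channel starts inactive, and {@link #handRcv} /
 * {@link #handSnd} copy data through unchanged until {@link #openSSL()} is called.
 *
 * <p>Several methods are {@code public} only because the decompiler widened them; the JADX
 * markers in the original listing say they were declared {@code protected}.
 */
public abstract class SslContextBasic implements SslContext {
    private static final Logger logger = Logger.getLogger(SslContextBasic.class);

    protected final long channelID;
    protected final ProtoContext protoCtx;
    protected final SoContext soContext;
    private final boolean clientMode;
    // Enables the "ssl(...)" diagnostic messages and stack traces in closeSSL().
    protected final boolean sslLog;
    // Enables the "buffer is full" messages in handRcv()/handSnd().
    protected final boolean netLog;
    protected final SslConfig sslConfig;
    // true while traffic must go through the TLS handler; written by openSSL(), closeSSL() and
    // the callback handed to SslHandle, read on every handRcv()/handSnd() call.
    protected volatile boolean sslStatus;
    protected SslMode sslMode;
    private final SSLContext sslContext;
    private final SslEngineWrap sslEngine;
    private final SslHandle sslHandler;

    /**
     * Builds the SSL state for one channel.
     *
     * @param j            channel id, used in log messages and passed to the engine and handler
     * @param sslConfig    TLS settings (mode, key/trust material, logging switch)
     * @param protoContext protocol context of the channel; also the source of the {@link SoContext}
     * @param z            {@code true} for client mode, {@code false} for server mode
     * @throws Exception if the subclass fails to create the {@link SSLContext}
     */
    public SslContextBasic(long j, SslConfig sslConfig, ProtoContext protoContext, boolean z) throws Exception {
        this.channelID = j;
        this.protoCtx = protoContext;
        this.soContext = protoContext.getSoContext();
        this.clientMode = z;
        this.sslLog = sslConfig.isSsllog();
        this.netLog = this.soContext.getConfig().isNetlog();
        this.sslConfig = sslConfig;
        this.sslMode = sslConfig.getSslMode();
        // Only SslMode.Always starts with TLS switched on; every other mode starts in pass-through.
        this.sslStatus = this.sslMode == SslMode.Always;
        // NOTE: this calls an overridable method from the constructor, so the subclass
        // implementation runs before the subclass's own fields are initialised. It may rely only
        // on the fields assigned above.
        this.sslContext = createSSLContext();
        // The engine is created through a supplier, so configSslEngine() runs whenever
        // SslEngineWrap asks for an engine rather than here.
        this.sslEngine = new SslEngineWrap(j, sslConfig,
                () -> configSslEngine(this.sslContext, this.sslContext.createSSLEngine()));
        // Callback resets the active flag to the mode default; when SslHandle invokes it is not
        // visible from this class.
        this.sslHandler = new SslHandle(j, protoContext, this.sslEngine,
                () -> this.sslStatus = this.sslMode == SslMode.Always);
    }

    /** Returns the engine wrapper created for this channel. */
    public SslEngineWrap getEngine() {
        return this.sslEngine;
    }

    /** {@inheritDoc} */
    @Override
    public boolean isServer() {
        return !this.clientMode;
    }

    /** {@inheritDoc} */
    @Override
    public boolean isClient() {
        return this.clientMode;
    }

    /**
     * Reports whether traffic is currently routed through the TLS handler. {@code false} means
     * data is being forwarded unencrypted.
     */
    @Override
    public boolean isActive() {
        return this.sslStatus;
    }

    /** {@inheritDoc} */
    @Override
    public String getPeerHost() {
        return this.sslEngine.getPeerHost();
    }

    /** {@inheritDoc} */
    @Override
    public int getPeerPort() {
        return this.sslEngine.getPeerPort();
    }

    /** {@inheritDoc} */
    @Override
    public SslConfig getConfig() {
        return this.sslConfig;
    }

    /**
     * Returns the key store from the configuration, or a new instance of the JVM default key
     * store type when none is configured.
     *
     * <p>A newly created instance is not loaded here; loading is left to the caller (see
     * {@link #createKeyManagerFactory(KeyStore)}).
     *
     * @return the configured or newly created key store, never {@code null}
     * @throws GeneralSecurityException if the default key store type is unavailable
     * @throws IOException declared for subclasses; not thrown by this implementation
     */
    public KeyStore createKeyStore() throws GeneralSecurityException, IOException {
        KeyStore configured = this.sslConfig.getKeyStore();
        if (configured != null) {
            return configured;
        }

        String defaultType = KeyStore.getDefaultType();
        if (this.sslLog) {
            logger.info("ssl(" + this.channelID + ") create KeyStore using '" + defaultType + "'");
        }
        return KeyStore.getInstance(defaultType);
    }

    /**
     * Loads the local identity (JKS file, or PEM private key plus certificate chain) into
     * {@code keyStore} and builds a {@link KeyManagerFactory} from it.
     *
     * <p>The JKS and PEM settings are resource locations resolved through
     * {@link ResourcesUtils#getResourceAsStream}; only those locations are logged, never the key
     * password or key bytes. For any other auth type nothing is loaded and the key store is used
     * as passed in.
     *
     * @param keyStore key store to populate
     * @return the key manager factory built by {@code SslUtils.buildKeyManagerFactory}
     * @throws GeneralSecurityException if the key material cannot be parsed or loaded
     * @throws IOException if a resource cannot be read or closed
     * @throws NullPointerException if a resource location required by the auth type is missing
     */
    public KeyManagerFactory createKeyManagerFactory(KeyStore keyStore) throws GeneralSecurityException, IOException {
        String keyPassword = this.sslConfig.getKeyPassword();
        // A missing password is treated as an empty one. The password also remains in the config
        // as a String, so clearing this array afterwards would not remove it from memory.
        char[] password = keyPassword == null ? ArrayUtils.EMPTY_CHAR_ARRAY : keyPassword.toCharArray();

        if (this.sslConfig.getAuthType() == SslAuthKeyType.JKS) {
            String jksResource = Objects.requireNonNull(this.sslConfig.getJksResource());
            if (this.sslLog) {
                logger.info("ssl(" + this.channelID + ") loadKeyStore by JKS, " + jksResource);
            }
            // try-with-resources closes the stream on every path and tolerates a null resource.
            // NOTE(review): if getResourceAsStream can return null for a missing resource and
            // SslUtils.loadKeyStore forwards it to KeyStore.load, the result would be an empty
            // key store rather than an error; confirm and fail fast if so.
            try (InputStream jksStream = ResourcesUtils.getResourceAsStream(jksResource)) {
                SslUtils.loadKeyStore(keyStore, jksStream, password);
            }
        } else if (this.sslConfig.getAuthType() == SslAuthKeyType.PEM) {
            String pemPrivate = Objects.requireNonNull(this.sslConfig.getPemPrivate(), "key required for servers");
            String pemCertChain = Objects.requireNonNull(this.sslConfig.getPemCertChain(), "keyCertChain");
            if (this.sslLog) {
                logger.info("ssl(" + this.channelID + ") loadKeyStore by PEM pemPrivate = " + pemPrivate + ", pemCertChain = " + pemCertChain);
            }

            // The certificate chain is read and its stream closed before the key is opened.
            X509Certificate[] certChain;
            try (InputStream certStream = ResourcesUtils.getResourceAsStream(pemCertChain)) {
                certChain = SslUtils.toX509Certificates(certStream);
            }

            PrivateKey privateKey;
            try (InputStream keyStream = ResourcesUtils.getResourceAsStream(pemPrivate)) {
                privateKey = SslUtils.toPrivateKey(keyStream, keyPassword);
            }

            SslUtils.loadKeyStore(keyStore, certChain, privateKey, password);
        } else if (this.sslLog) {
            logger.info("ssl(" + this.channelID + ") loadKeyStore ignore.");
        }

        return SslUtils.buildKeyManagerFactory(keyStore, password, this.sslConfig.getKeyManagerFactory());
    }

    /**
     * Chooses and initialises the {@link TrustManagerFactory} used to validate the peer.
     *
     * <p>Precedence: a factory from the configuration; otherwise the configured
     * {@link TrustManager} array wrapped in {@code SslTmfWrapper}; otherwise the JVM default
     * algorithm.
     *
     * <p><b>Security note:</b> with configured trust managers, peer certificate validation is
     * whatever those objects implement. A permissive implementation there turns off certificate
     * checking for this channel, so they need the same review as any trust anchor change.
     *
     * @param keyStore trust anchors passed to the factory
     * @return the initialised trust manager factory
     * @throws GeneralSecurityException if the factory cannot be created or initialised
     * @throws IOException declared for helpers and subclasses
     */
    public TrustManagerFactory getTrustManagers(KeyStore keyStore) throws GeneralSecurityException, IOException {
        TrustManagerFactory factory = this.sslConfig.getTrustManagerFactory();
        TrustManager[] customManagers = this.sslConfig.getTrustManagers();

        if (factory == null) {
            if (customManagers != null && customManagers.length > 0) {
                factory = new SslTmfWrapper(customManagers);
            } else {
                factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            }
        }

        // NOTE(review): the helper is followed by an explicit init(); whether the helper already
        // initialises the factory is not visible here. Order kept as in the original.
        SslUtils.buildTrustManagerFactory(keyStore, factory);
        factory.init(keyStore);
        return factory;
    }

    /**
     * Creates the JSSE context for this channel. Called once from the constructor, before any
     * subclass field initialiser has run.
     */
    protected abstract SSLContext createSSLContext() throws GeneralSecurityException, IOException;

    /** Applies per-engine settings to a freshly created engine and returns the engine to use. */
    protected abstract SSLEngine configSslEngine(SSLContext sSLContext, SSLEngine sSLEngine) throws IOException;

    /**
     * Receive-side entry point.
     *
     * <p>While TLS is inactive both queue pairs are forwarded unchanged, i.e. in plaintext.
     * While active, the handshake is driven first and records are processed only once
     * {@code tryHandshake} returns {@code true}. If either target queue has no free slot the
     * call does nothing (optionally logging). Judging by the log text the two target queues are
     * "rcvDown" and "sndDown" (TODO confirm against the caller).
     *
     * @return always {@link ProtoStatus#Next}
     * @throws IOException if queue or handler operations fail
     */
    public ProtoStatus handRcv(ProtoRcvQueue<ByteBuf> protoRcvQueue, ProtoSndQueue<ByteBuf> protoSndQueue, ProtoRcvQueue<ByteBuf> protoRcvQueue2, ProtoSndQueue<ByteBuf> protoSndQueue2) throws IOException {
        if (!this.sslStatus) {
            // TLS not active: data crosses this layer unencrypted.
            forwardUnchanged(protoRcvQueue, protoSndQueue);
            forwardUnchanged(protoRcvQueue2, protoSndQueue2);
            return ProtoStatus.Next;
        }

        boolean targetsHaveRoom = protoSndQueue.hasSlot() && protoSndQueue2.hasSlot();
        if (!targetsHaveRoom) {
            if (this.netLog) {
                logger.info("sslRcv(" + this.channelID + ") rcvDown or sndDown Buffer is full.");
            }
            return ProtoStatus.Next;
        }

        if (this.sslHandler.tryHandshake(true, protoRcvQueue, protoSndQueue, protoRcvQueue2, protoSndQueue2)) {
            this.sslHandler.handlerRcv(protoRcvQueue, protoSndQueue, protoRcvQueue2, protoSndQueue2);
        }
        return ProtoStatus.Next;
    }

    /**
     * Send-side entry point; mirrors {@link #handRcv} but drives {@code tryHandshake} with
     * {@code false} and delegates to {@code handlerSnd}.
     *
     * <p>While TLS is inactive both queue pairs are forwarded unchanged, i.e. in plaintext.
     *
     * @return always {@link ProtoStatus#Next}
     * @throws IOException if queue or handler operations fail
     */
    public ProtoStatus handSnd(ProtoRcvQueue<ByteBuf> protoRcvQueue, ProtoSndQueue<ByteBuf> protoSndQueue, ProtoRcvQueue<ByteBuf> protoRcvQueue2, ProtoSndQueue<ByteBuf> protoSndQueue2) throws IOException {
        if (!this.sslStatus) {
            // TLS not active: data crosses this layer unencrypted.
            forwardUnchanged(protoRcvQueue, protoSndQueue);
            forwardUnchanged(protoRcvQueue2, protoSndQueue2);
            return ProtoStatus.Next;
        }

        boolean targetsHaveRoom = protoSndQueue.hasSlot() && protoSndQueue2.hasSlot();
        if (!targetsHaveRoom) {
            if (this.netLog) {
                logger.info("sslSnd(" + this.channelID + ") rcvDown or sndDown Buffer is full.");
            }
            return ProtoStatus.Next;
        }

        if (this.sslHandler.tryHandshake(false, protoRcvQueue, protoSndQueue, protoRcvQueue2, protoSndQueue2)) {
            this.sslHandler.handlerSnd(protoRcvQueue, protoSndQueue, protoRcvQueue2, protoSndQueue2);
        }
        return ProtoStatus.Next;
    }

    /** Moves as many messages from {@code from} to {@code to} as both sides allow, unmodified. */
    private static void forwardUnchanged(ProtoRcvQueue<ByteBuf> from, ProtoSndQueue<ByteBuf> to) throws IOException {
        to.offerMessage(from.takeMessage(Math.min(from.queueSize(), to.slotSize())));
    }

    /**
     * Shuts down the outbound side of the TLS session and resets the active flag to the mode
     * default, so a channel in {@link SslMode#Always} stays active.
     *
     * <p>A failure while flushing the closing data is logged and not propagated; the state reset
     * still happens. Does nothing when TLS is not active.
     */
    @Override
    public void closeSSL() {
        if (!this.sslStatus) {
            return;
        }

        SslEngineWrap engine = getEngine();
        if (engine != null && !engine.isOutboundDone()) {
            engine.closeOutbound();
            try {
                // Push the pending close data out before the state changes.
                this.protoCtx.flush();
            } catch (IOException e) {
                // Best effort: the peer may already be gone. The stack trace is included only
                // when SSL logging is enabled.
                String message = "ssl(" + this.channelID + ") closeSSL, flash close_notify failed, " + e.getMessage();
                if (this.sslLog) {
                    logger.error(message, e);
                } else {
                    logger.error(message);
                }
            }
        }
        this.sslStatus = this.sslMode == SslMode.Always;
    }

    /**
     * Switches the channel to TLS. Later {@link #handRcv} / {@link #handSnd} calls go through the
     * handshake path; anything forwarded before this call was sent unencrypted.
     */
    @Override
    public void openSSL() {
        this.sslStatus = true;
    }
}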
