package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.Unpooled;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.nio.ByteBuffer;
import java.nio.ReadOnlyBufferException;
import java.security.Principal;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionBindingEvent;
import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSessionContext;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;
import org.apache.tomcat.jni.Buffer;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.util.net.Constants;
import org.springframework.asm.Opcodes;

/* loaded from: input_file:lib/netty-handler-4.0.27.Final.jar:io/netty/handler/ssl/OpenSslEngine.class */
public final class OpenSslEngine extends SSLEngine {
    private static final InternalLogger logger = InternalLoggerFactory.getInstance((Class<?>) OpenSslEngine.class);
    private static final Certificate[] EMPTY_CERTIFICATES = new Certificate[0];
    private static final SSLException ENGINE_CLOSED = new SSLException("engine closed");
    private static final SSLException RENEGOTIATION_UNSUPPORTED = new SSLException("renegotiation unsupported");
    private static final SSLException ENCRYPTED_PACKET_OVERSIZED = new SSLException("encrypted packet oversized");
    private static final int MAX_PLAINTEXT_LENGTH = 16384;
    private static final int MAX_COMPRESSED_LENGTH = 17408;
    private static final int MAX_CIPHERTEXT_LENGTH = 18432;
    private static final String PROTOCOL_SSL_V2_HELLO = "SSLv2Hello";
    private static final String PROTOCOL_SSL_V2 = "SSLv2";
    private static final String PROTOCOL_SSL_V3 = "SSLv3";
    private static final String PROTOCOL_TLS_V1 = "TLSv1";
    private static final String PROTOCOL_TLS_V1_1 = "TLSv1.1";
    private static final String PROTOCOL_TLS_V1_2 = "TLSv1.2";
    private static final String[] SUPPORTED_PROTOCOLS;
    private static final Set<String> SUPPORTED_PROTOCOLS_SET;
    static final int MAX_ENCRYPTED_PACKET_LENGTH = 18713;
    static final int MAX_ENCRYPTION_OVERHEAD_LENGTH = 2329;
    private static final AtomicIntegerFieldUpdater<OpenSslEngine> DESTROYED_UPDATER;
    private static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
    private static final long EMPTY_ADDR;
    private long ssl;
    private long networkBIO;
    private int accepted;
    private boolean handshakeFinished;
    private boolean receivedShutdown;
    private volatile int destroyed;
    private volatile String cipher;
    private volatile String applicationProtocol;
    private volatile Certificate[] peerCerts;
    private volatile ClientAuthMode clientAuth;
    private boolean isInboundDone;
    private boolean isOutboundDone;
    private boolean engineClosed;
    private final boolean clientMode;
    private final ByteBufAllocator alloc;
    private final String fallbackApplicationProtocol;
    private final OpenSslSessionContext sessionContext;
    private final OpenSslEngineMap engineMap;
    private final SSLSession session;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/netty-handler-4.0.27.Final.jar:io/netty/handler/ssl/OpenSslEngine$ClientAuthMode.class */
    public enum ClientAuthMode {
        NONE,
        OPTIONAL,
        REQUIRE
    }

    /* loaded from: input_file:lib/netty-handler-4.0.27.Final.jar:io/netty/handler/ssl/OpenSslEngine$OpenSslSession.class */
    private final class OpenSslSession implements SSLSession {
        private X509Certificate[] x509PeerCerts;
        private Map<String, Object> values;

        private OpenSslSession() {
        }

        @Override // javax.net.ssl.SSLSession
        public byte[] getId() {
            byte[] sessionId = SSL.getSessionId(OpenSslEngine.this.ssl);
            if (sessionId == null) {
                throw new IllegalStateException("SSL session ID not available");
            }
            return sessionId;
        }

        @Override // javax.net.ssl.SSLSession
        public SSLSessionContext getSessionContext() {
            return OpenSslEngine.this.sessionContext;
        }

        @Override // javax.net.ssl.SSLSession
        public long getCreationTime() {
            return SSL.getTime(OpenSslEngine.this.ssl) * 1000;
        }

        @Override // javax.net.ssl.SSLSession
        public long getLastAccessedTime() {
            return getCreationTime();
        }

        @Override // javax.net.ssl.SSLSession
        public void invalidate() {
        }

        @Override // javax.net.ssl.SSLSession
        public boolean isValid() {
            return false;
        }

        @Override // javax.net.ssl.SSLSession
        public void putValue(String str, Object obj) {
            ObjectUtil.checkNotNull(str, "name");
            ObjectUtil.checkNotNull(obj, "value");
            Map<String, Object> map = this.values;
            if (map == null) {
                HashMap hashMap = new HashMap(2);
                this.values = hashMap;
                map = hashMap;
            }
            Object put = map.put(str, obj);
            if (obj instanceof SSLSessionBindingListener) {
                ((SSLSessionBindingListener) obj).valueBound(new SSLSessionBindingEvent(this, str));
            }
            notifyUnbound(put, str);
        }

        @Override // javax.net.ssl.SSLSession
        public Object getValue(String str) {
            ObjectUtil.checkNotNull(str, "name");
            if (this.values == null) {
                return null;
            }
            return this.values.get(str);
        }

        @Override // javax.net.ssl.SSLSession
        public void removeValue(String str) {
            ObjectUtil.checkNotNull(str, "name");
            Map<String, Object> map = this.values;
            if (map == null) {
                return;
            }
            notifyUnbound(map.remove(str), str);
        }

        @Override // javax.net.ssl.SSLSession
        public String[] getValueNames() {
            Map<String, Object> map = this.values;
            return (map == null || map.isEmpty()) ? EmptyArrays.EMPTY_STRINGS : (String[]) map.keySet().toArray(new String[map.size()]);
        }

        private void notifyUnbound(Object obj, String str) {
            if (obj instanceof SSLSessionBindingListener) {
                ((SSLSessionBindingListener) obj).valueUnbound(new SSLSessionBindingEvent(this, str));
            }
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
            Certificate[] certificateArr = OpenSslEngine.this.peerCerts;
            if (certificateArr == null) {
                if (SSL.isInInit(OpenSslEngine.this.ssl) != 0) {
                    throw new SSLPeerUnverifiedException("peer not verified");
                }
                certificateArr = OpenSslEngine.this.peerCerts = initPeerCertChain();
            }
            return certificateArr;
        }

        private Certificate[] initPeerCertChain() throws SSLPeerUnverifiedException {
            Certificate[] certificateArr;
            byte[][] peerCertChain = SSL.getPeerCertChain(OpenSslEngine.this.ssl);
            byte[] peerCertificate = !OpenSslEngine.this.clientMode ? SSL.getPeerCertificate(OpenSslEngine.this.ssl) : null;
            if (peerCertChain == null && peerCertificate == null) {
                throw new SSLPeerUnverifiedException("peer not verified");
            }
            int i = 0;
            if (peerCertChain != null) {
                i = 0 + peerCertChain.length;
            }
            int i2 = 0;
            if (peerCertificate != null) {
                certificateArr = new Certificate[i + 1];
                i2 = 0 + 1;
                certificateArr[0] = new OpenSslX509Certificate(peerCertificate);
            } else {
                certificateArr = new Certificate[i];
            }
            if (peerCertChain != null) {
                int i3 = 0;
                while (i2 < certificateArr.length) {
                    int i4 = i3;
                    i3++;
                    certificateArr[i2] = new OpenSslX509Certificate(peerCertChain[i4]);
                    i2++;
                }
            }
            return certificateArr;
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getLocalCertificates() {
            return OpenSslEngine.EMPTY_CERTIFICATES;
        }

        @Override // javax.net.ssl.SSLSession
        public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
            X509Certificate[] x509CertificateArr = this.x509PeerCerts;
            if (x509CertificateArr == null) {
                if (SSL.isInInit(OpenSslEngine.this.ssl) != 0) {
                    throw new SSLPeerUnverifiedException("peer not verified");
                }
                byte[][] peerCertChain = SSL.getPeerCertChain(OpenSslEngine.this.ssl);
                if (peerCertChain == null) {
                    throw new SSLPeerUnverifiedException("peer not verified");
                }
                X509Certificate[] x509CertificateArr2 = new X509Certificate[peerCertChain.length];
                for (int i = 0; i < x509CertificateArr2.length; i++) {
                    try {
                        x509CertificateArr2[i] = X509Certificate.getInstance(peerCertChain[i]);
                    } catch (CertificateException e) {
                        throw new IllegalStateException(e);
                    }
                }
                this.x509PeerCerts = x509CertificateArr2;
                x509CertificateArr = x509CertificateArr2;
            }
            return x509CertificateArr;
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
            Certificate[] peerCertificates = getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length == 0) {
                return null;
            }
            return principal(peerCertificates);
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getLocalPrincipal() {
            Certificate[] localCertificates = getLocalCertificates();
            if (localCertificates == null || localCertificates.length == 0) {
                return null;
            }
            return principal(localCertificates);
        }

        private Principal principal(Certificate[] certificateArr) {
            return ((java.security.cert.X509Certificate) certificateArr[0]).getIssuerX500Principal();
        }

        @Override // javax.net.ssl.SSLSession
        public String getCipherSuite() {
            String javaCipherSuite;
            if (!OpenSslEngine.this.handshakeFinished) {
                return OpenSslEngine.INVALID_CIPHER;
            }
            if (OpenSslEngine.this.cipher == null && (javaCipherSuite = OpenSslEngine.this.toJavaCipherSuite(SSL.getCipherForSSL(OpenSslEngine.this.ssl))) != null) {
                OpenSslEngine.this.cipher = javaCipherSuite;
            }
            return OpenSslEngine.this.cipher;
        }

        @Override // javax.net.ssl.SSLSession
        public String getProtocol() {
            String str = OpenSslEngine.this.applicationProtocol;
            if (str == null) {
                str = SSL.getNextProtoNegotiated(OpenSslEngine.this.ssl);
                if (str == null) {
                    str = OpenSslEngine.this.fallbackApplicationProtocol;
                }
                if (str != null) {
                    OpenSslEngine.this.applicationProtocol = str.replace(':', '_');
                } else {
                    str = "";
                    OpenSslEngine.this.applicationProtocol = "";
                }
            }
            String version = SSL.getVersion(OpenSslEngine.this.ssl);
            return str.isEmpty() ? version : version + ':' + str;
        }

        @Override // javax.net.ssl.SSLSession
        public String getPeerHost() {
            return null;
        }

        @Override // javax.net.ssl.SSLSession
        public int getPeerPort() {
            return 0;
        }

        @Override // javax.net.ssl.SSLSession
        public int getPacketBufferSize() {
            return OpenSslEngine.MAX_ENCRYPTED_PACKET_LENGTH;
        }

        @Override // javax.net.ssl.SSLSession
        public int getApplicationBufferSize() {
            return 16384;
        }
    }

    @Deprecated
    public OpenSslEngine(long j, ByteBufAllocator byteBufAllocator, String str) {
        this(j, byteBufAllocator, str, false, null, OpenSslEngineMap.EMPTY);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSslEngine(long j, ByteBufAllocator byteBufAllocator, String str, boolean z, OpenSslSessionContext openSslSessionContext, OpenSslEngineMap openSslEngineMap) {
        this.clientAuth = ClientAuthMode.NONE;
        this.session = new OpenSslSession();
        OpenSsl.ensureAvailability();
        if (j == 0) {
            throw new NullPointerException("sslCtx");
        }
        this.alloc = (ByteBufAllocator) ObjectUtil.checkNotNull(byteBufAllocator, "alloc");
        this.ssl = SSL.newSSL(j, !z);
        this.networkBIO = SSL.makeNetworkBIO(this.ssl);
        this.fallbackApplicationProtocol = str;
        this.clientMode = z;
        this.sessionContext = openSslSessionContext;
        this.engineMap = openSslEngineMap;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getHandshakeSession() {
        if (this.accepted > 0) {
            return this.session;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long ssl() {
        return this.ssl;
    }

    public synchronized void shutdown() {
        if (DESTROYED_UPDATER.compareAndSet(this, 0, 1)) {
            this.engineMap.remove(this.ssl);
            SSL.freeSSL(this.ssl);
            SSL.freeBIO(this.networkBIO);
            this.networkBIO = 0L;
            this.ssl = 0L;
            this.engineClosed = true;
            this.isOutboundDone = true;
            this.isInboundDone = true;
        }
    }

    private int writePlaintextData(ByteBuffer byteBuffer) {
        int writeToSSL;
        int position = byteBuffer.position();
        int limit = byteBuffer.limit();
        int min = Math.min(limit - position, 16384);
        if (byteBuffer.isDirect()) {
            writeToSSL = SSL.writeToSSL(this.ssl, Buffer.address(byteBuffer) + position, min);
            if (writeToSSL > 0) {
                byteBuffer.position(position + writeToSSL);
                return writeToSSL;
            }
        } else {
            ByteBuf directBuffer = this.alloc.directBuffer(min);
            try {
                long memoryAddress = memoryAddress(directBuffer);
                byteBuffer.limit(position + min);
                directBuffer.setBytes(0, byteBuffer);
                byteBuffer.limit(limit);
                writeToSSL = SSL.writeToSSL(this.ssl, memoryAddress, min);
                if (writeToSSL > 0) {
                    byteBuffer.position(position + writeToSSL);
                    directBuffer.release();
                    return writeToSSL;
                }
                byteBuffer.position(position);
                directBuffer.release();
            } catch (Throwable th) {
                directBuffer.release();
                throw th;
            }
        }
        throw new IllegalStateException("SSL.writeToSSL() returned a non-positive value: " + writeToSSL);
    }

    private int writeEncryptedData(ByteBuffer byteBuffer) {
        int position = byteBuffer.position();
        int remaining = byteBuffer.remaining();
        if (byteBuffer.isDirect()) {
            int writeToBIO = SSL.writeToBIO(this.networkBIO, Buffer.address(byteBuffer) + position, remaining);
            if (writeToBIO < 0) {
                return -1;
            }
            byteBuffer.position(position + writeToBIO);
            return writeToBIO;
        }
        ByteBuf directBuffer = this.alloc.directBuffer(remaining);
        try {
            long memoryAddress = memoryAddress(directBuffer);
            directBuffer.setBytes(0, byteBuffer);
            int writeToBIO2 = SSL.writeToBIO(this.networkBIO, memoryAddress, remaining);
            if (writeToBIO2 >= 0) {
                byteBuffer.position(position + writeToBIO2);
                directBuffer.release();
                return writeToBIO2;
            }
            byteBuffer.position(position);
            directBuffer.release();
            return -1;
        } catch (Throwable th) {
            directBuffer.release();
            throw th;
        }
    }

    private int readPlaintextData(ByteBuffer byteBuffer) {
        if (byteBuffer.isDirect()) {
            int position = byteBuffer.position();
            int readFromSSL = SSL.readFromSSL(this.ssl, Buffer.address(byteBuffer) + position, byteBuffer.limit() - position);
            if (readFromSSL <= 0) {
                return 0;
            }
            byteBuffer.position(position + readFromSSL);
            return readFromSSL;
        }
        int position2 = byteBuffer.position();
        int limit = byteBuffer.limit();
        int min = Math.min(MAX_ENCRYPTED_PACKET_LENGTH, limit - position2);
        ByteBuf directBuffer = this.alloc.directBuffer(min);
        try {
            int readFromSSL2 = SSL.readFromSSL(this.ssl, memoryAddress(directBuffer), min);
            if (readFromSSL2 <= 0) {
                directBuffer.release();
                return 0;
            }
            byteBuffer.limit(position2 + readFromSSL2);
            directBuffer.getBytes(0, byteBuffer);
            byteBuffer.limit(limit);
            directBuffer.release();
            return readFromSSL2;
        } catch (Throwable th) {
            directBuffer.release();
            throw th;
        }
    }

    private int readEncryptedData(ByteBuffer byteBuffer, int i) {
        if (byteBuffer.isDirect() && byteBuffer.remaining() >= i) {
            int position = byteBuffer.position();
            int readFromBIO = SSL.readFromBIO(this.networkBIO, Buffer.address(byteBuffer) + position, i);
            if (readFromBIO <= 0) {
                return 0;
            }
            byteBuffer.position(position + readFromBIO);
            return readFromBIO;
        }
        ByteBuf directBuffer = this.alloc.directBuffer(i);
        try {
            int readFromBIO2 = SSL.readFromBIO(this.networkBIO, memoryAddress(directBuffer), i);
            if (readFromBIO2 <= 0) {
                directBuffer.release();
                return 0;
            }
            int limit = byteBuffer.limit();
            byteBuffer.limit(byteBuffer.position() + readFromBIO2);
            directBuffer.getBytes(0, byteBuffer);
            byteBuffer.limit(limit);
            directBuffer.release();
            return readFromBIO2;
        } catch (Throwable th) {
            directBuffer.release();
            throw th;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) throws SSLException {
        if (this.destroyed != 0) {
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, 0, 0);
        }
        if (byteBufferArr == null) {
            throw new IllegalArgumentException("srcs is null");
        }
        if (byteBuffer == null) {
            throw new IllegalArgumentException("dst is null");
        }
        if (i >= byteBufferArr.length || i + i2 > byteBufferArr.length) {
            throw new IndexOutOfBoundsException("offset: " + i + ", length: " + i2 + " (expected: offset <= offset + length <= srcs.length (" + byteBufferArr.length + "))");
        }
        if (byteBuffer.isReadOnly()) {
            throw new ReadOnlyBufferException();
        }
        if (this.accepted == 0) {
            beginHandshakeImplicitly();
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = getHandshakeStatus();
        if ((!this.handshakeFinished || this.engineClosed) && handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
            return new SSLEngineResult(getEngineStatus(), SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
        }
        int pendingWrittenBytesInBIO = SSL.pendingWrittenBytesInBIO(this.networkBIO);
        if (pendingWrittenBytesInBIO > 0) {
            if (byteBuffer.remaining() < pendingWrittenBytesInBIO) {
                return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, handshakeStatus, 0, 0);
            }
            try {
                int readEncryptedData = 0 + readEncryptedData(byteBuffer, pendingWrittenBytesInBIO);
                if (this.isOutboundDone) {
                    shutdown();
                }
                return new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), 0, readEncryptedData);
            } catch (Exception e) {
                throw new SSLException(e);
            }
        }
        int i3 = 0;
        int i4 = i + i2;
        for (int i5 = i; i5 < i4; i5++) {
            ByteBuffer byteBuffer2 = byteBufferArr[i5];
            if (byteBuffer2 == null) {
                throw new IllegalArgumentException("srcs[" + i5 + "] is null");
            }
            while (byteBuffer2.hasRemaining()) {
                try {
                    i3 += writePlaintextData(byteBuffer2);
                    int pendingWrittenBytesInBIO2 = SSL.pendingWrittenBytesInBIO(this.networkBIO);
                    if (pendingWrittenBytesInBIO2 > 0) {
                        if (byteBuffer.remaining() < pendingWrittenBytesInBIO2) {
                            return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, getHandshakeStatus(), i3, 0);
                        }
                        try {
                            return new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), i3, 0 + readEncryptedData(byteBuffer, pendingWrittenBytesInBIO2));
                        } catch (Exception e2) {
                            throw new SSLException(e2);
                        }
                    }
                } catch (Exception e3) {
                    throw new SSLException(e3);
                }
            }
        }
        return new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), i3, 0);
    }

    public synchronized SSLEngineResult unwrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer[] byteBufferArr2, int i3, int i4) throws SSLException {
        if (this.destroyed != 0) {
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, 0, 0);
        }
        if (byteBufferArr == null) {
            throw new NullPointerException("srcs");
        }
        if (i >= byteBufferArr.length || i + i2 > byteBufferArr.length) {
            throw new IndexOutOfBoundsException("offset: " + i + ", length: " + i2 + " (expected: offset <= offset + length <= srcs.length (" + byteBufferArr.length + "))");
        }
        if (byteBufferArr2 == null) {
            throw new IllegalArgumentException("dsts is null");
        }
        if (i3 >= byteBufferArr2.length || i3 + i4 > byteBufferArr2.length) {
            throw new IndexOutOfBoundsException("offset: " + i3 + ", length: " + i4 + " (expected: offset <= offset + length <= dsts.length (" + byteBufferArr2.length + "))");
        }
        int i5 = 0;
        int i6 = i3 + i4;
        for (int i7 = i3; i7 < i6; i7++) {
            ByteBuffer byteBuffer = byteBufferArr2[i7];
            if (byteBuffer == null) {
                throw new IllegalArgumentException("dsts[" + i7 + "] is null");
            }
            if (byteBuffer.isReadOnly()) {
                throw new ReadOnlyBufferException();
            }
            i5 += byteBuffer.remaining();
        }
        if (this.accepted == 0) {
            beginHandshakeImplicitly();
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = getHandshakeStatus();
        if ((!this.handshakeFinished || this.engineClosed) && handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
            return new SSLEngineResult(getEngineStatus(), SSLEngineResult.HandshakeStatus.NEED_WRAP, 0, 0);
        }
        int i8 = i + i2;
        int i9 = 0;
        for (int i10 = i; i10 < i8; i10++) {
            ByteBuffer byteBuffer2 = byteBufferArr[i10];
            if (byteBuffer2 == null) {
                throw new IllegalArgumentException("srcs[" + i10 + "] is null");
            }
            i9 += byteBuffer2.remaining();
        }
        if (i9 > MAX_ENCRYPTED_PACKET_LENGTH) {
            this.isInboundDone = true;
            this.isOutboundDone = true;
            this.engineClosed = true;
            shutdown();
            throw ENCRYPTED_PACKET_OVERSIZED;
        }
        int i11 = -1;
        while (i < i8) {
            try {
                ByteBuffer byteBuffer3 = byteBufferArr[i];
                int remaining = byteBuffer3.remaining();
                int writeEncryptedData = writeEncryptedData(byteBuffer3);
                if (writeEncryptedData < 0) {
                    break;
                }
                i11 = i11 == -1 ? writeEncryptedData : i11 + writeEncryptedData;
                if (writeEncryptedData != remaining) {
                    if (writeEncryptedData == 0) {
                        break;
                    }
                } else {
                    i++;
                }
            } catch (Exception e) {
                throw new SSLException(e);
            }
        }
        if (i11 >= 0) {
            int readFromSSL = SSL.readFromSSL(this.ssl, EMPTY_ADDR, 0);
            if (readFromSSL <= 0) {
                long lastErrorNumber = SSL.getLastErrorNumber();
                if (OpenSsl.isError(lastErrorNumber)) {
                    String errorString = SSL.getErrorString(lastErrorNumber);
                    if (logger.isDebugEnabled()) {
                        logger.debug("SSL_read failed: primingReadResult: " + readFromSSL + "; OpenSSL error: '" + errorString + '\'');
                    }
                    shutdown();
                    throw new SSLException(errorString);
                }
            }
        } else {
            i11 = 0;
        }
        int pendingReadableBytesInSSL = (this.handshakeFinished || SSL.isInInit(this.ssl) == 0) ? SSL.pendingReadableBytesInSSL(this.ssl) : 0;
        int i12 = 0;
        if (pendingReadableBytesInSSL > 0) {
            if (i5 < pendingReadableBytesInSSL) {
                return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, getHandshakeStatus(), i11, 0);
            }
            int i13 = i3;
            while (i13 < i6) {
                ByteBuffer byteBuffer4 = byteBufferArr2[i13];
                if (!byteBuffer4.hasRemaining()) {
                    i13++;
                } else {
                    if (pendingReadableBytesInSSL <= 0) {
                        break;
                    }
                    try {
                        int readPlaintextData = readPlaintextData(byteBuffer4);
                        if (readPlaintextData == 0) {
                            break;
                        }
                        i12 += readPlaintextData;
                        pendingReadableBytesInSSL -= readPlaintextData;
                        if (!byteBuffer4.hasRemaining()) {
                            i13++;
                        }
                    } catch (Exception e2) {
                        throw new SSLException(e2);
                    }
                }
            }
        }
        if (!this.receivedShutdown && (SSL.getShutdown(this.ssl) & 2) == 2) {
            this.receivedShutdown = true;
            closeOutbound();
            closeInbound();
        }
        return new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), i11, i12);
    }

    public SSLEngineResult unwrap(ByteBuffer[] byteBufferArr, ByteBuffer[] byteBufferArr2) throws SSLException {
        return unwrap(byteBufferArr, 0, byteBufferArr.length, byteBufferArr2, 0, byteBufferArr2.length);
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws SSLException {
        return unwrap(new ByteBuffer[]{byteBuffer}, 0, 1, byteBufferArr, i, i2);
    }

    @Override // javax.net.ssl.SSLEngine
    public Runnable getDelegatedTask() {
        return null;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeInbound() throws SSLException {
        if (this.isInboundDone) {
            return;
        }
        this.isInboundDone = true;
        this.engineClosed = true;
        shutdown();
        if (this.accepted != 0 && !this.receivedShutdown) {
            throw new SSLException("Inbound closed before receiving peer's close_notify: possible truncation attack?");
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isInboundDone() {
        return this.isInboundDone || this.engineClosed;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeOutbound() {
        if (this.isOutboundDone) {
            return;
        }
        this.isOutboundDone = true;
        this.engineClosed = true;
        if (this.accepted == 0 || this.destroyed != 0) {
            shutdown();
        } else if ((SSL.getShutdown(this.ssl) & 1) != 1) {
            SSL.shutdownSSL(this.ssl);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isOutboundDone() {
        return this.isOutboundDone;
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedCipherSuites() {
        Set<String> availableCipherSuites = OpenSsl.availableCipherSuites();
        return (String[]) availableCipherSuites.toArray(new String[availableCipherSuites.size()]);
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledCipherSuites() {
        String[] ciphers = SSL.getCiphers(this.ssl);
        if (ciphers == null) {
            return EmptyArrays.EMPTY_STRINGS;
        }
        for (int i = 0; i < ciphers.length; i++) {
            String javaCipherSuite = toJavaCipherSuite(ciphers[i]);
            if (javaCipherSuite != null) {
                ciphers[i] = javaCipherSuite;
            }
        }
        return ciphers;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledCipherSuites(String[] strArr) {
        String str;
        ObjectUtil.checkNotNull(strArr, "cipherSuites");
        StringBuilder sb = new StringBuilder();
        int length = strArr.length;
        for (int i = 0; i < length && (str = strArr[i]) != null; i++) {
            String openSsl = CipherSuiteConverter.toOpenSsl(str);
            if (openSsl == null) {
                openSsl = str;
            }
            if (!OpenSsl.isCipherSuiteAvailable(openSsl)) {
                throw new IllegalArgumentException("unsupported cipher suite: " + str + '(' + openSsl + ')');
            }
            sb.append(openSsl);
            sb.append(':');
        }
        if (sb.length() == 0) {
            throw new IllegalArgumentException("empty cipher suites");
        }
        sb.setLength(sb.length() - 1);
        String sb2 = sb.toString();
        try {
            SSL.setCipherSuites(this.ssl, sb2);
        } catch (Exception e) {
            throw new IllegalStateException("failed to enable cipher suites: " + sb2, e);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedProtocols() {
        return (String[]) SUPPORTED_PROTOCOLS.clone();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledProtocols() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(PROTOCOL_SSL_V2_HELLO);
        int options = SSL.getOptions(this.ssl);
        if ((options & SSL.SSL_OP_NO_TLSv1) == 0) {
            arrayList.add("TLSv1");
        }
        if ((options & 134217728) == 0) {
            arrayList.add("TLSv1.1");
        }
        if ((options & 268435456) == 0) {
            arrayList.add("TLSv1.2");
        }
        if ((options & 16777216) == 0) {
            arrayList.add("SSLv2");
        }
        if ((options & 33554432) == 0) {
            arrayList.add("SSLv3");
        }
        int size = arrayList.size();
        return size == 0 ? EmptyArrays.EMPTY_STRINGS : (String[]) arrayList.toArray(new String[size]);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledProtocols(String[] strArr) {
        if (strArr == null) {
            throw new IllegalArgumentException();
        }
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        for (String str : strArr) {
            if (!SUPPORTED_PROTOCOLS_SET.contains(str)) {
                throw new IllegalArgumentException("Protocol " + str + " is not supported.");
            }
            if (str.equals("SSLv2")) {
                z = true;
            } else if (str.equals("SSLv3")) {
                z2 = true;
            } else if (str.equals("TLSv1")) {
                z3 = true;
            } else if (str.equals("TLSv1.1")) {
                z4 = true;
            } else if (str.equals("TLSv1.2")) {
                z5 = true;
            }
        }
        SSL.setOptions(this.ssl, 4095);
        if (!z) {
            SSL.setOptions(this.ssl, 16777216);
        }
        if (!z2) {
            SSL.setOptions(this.ssl, 33554432);
        }
        if (!z3) {
            SSL.setOptions(this.ssl, SSL.SSL_OP_NO_TLSv1);
        }
        if (!z4) {
            SSL.setOptions(this.ssl, 134217728);
        }
        if (z5) {
            return;
        }
        SSL.setOptions(this.ssl, 268435456);
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getSession() {
        return this.session;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void beginHandshake() throws SSLException {
        if (this.engineClosed || this.destroyed != 0) {
            throw ENGINE_CLOSED;
        }
        switch (this.accepted) {
            case 0:
                handshake();
                this.accepted = 2;
                return;
            case 1:
                this.accepted = 2;
                return;
            case 2:
                throw RENEGOTIATION_UNSUPPORTED;
            default:
                throw new Error();
        }
    }

    private void beginHandshakeImplicitly() throws SSLException {
        if (this.engineClosed || this.destroyed != 0) {
            throw ENGINE_CLOSED;
        }
        if (this.accepted == 0) {
            handshake();
            this.accepted = 1;
        }
    }

    private void handshake() throws SSLException {
        if (SSL.doHandshake(this.ssl) > 0) {
            this.handshakeFinished = true;
            return;
        }
        long lastErrorNumber = SSL.getLastErrorNumber();
        if (OpenSsl.isError(lastErrorNumber)) {
            String errorString = SSL.getErrorString(lastErrorNumber);
            if (logger.isDebugEnabled()) {
                logger.debug("SSL_do_handshake failed: OpenSSL error: '" + errorString + '\'');
            }
            shutdown();
            throw new SSLException(errorString);
        }
    }

    private static long memoryAddress(ByteBuf byteBuf) {
        return byteBuf.hasMemoryAddress() ? byteBuf.memoryAddress() : Buffer.address(byteBuf.nioBuffer());
    }

    private SSLEngineResult.Status getEngineStatus() {
        return this.engineClosed ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        if (this.accepted == 0 || this.destroyed != 0) {
            return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        }
        if (this.handshakeFinished) {
            return this.engineClosed ? SSL.pendingWrittenBytesInBIO(this.networkBIO) != 0 ? SSLEngineResult.HandshakeStatus.NEED_WRAP : SSLEngineResult.HandshakeStatus.NEED_UNWRAP : SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        }
        if (SSL.pendingWrittenBytesInBIO(this.networkBIO) != 0) {
            return SSLEngineResult.HandshakeStatus.NEED_WRAP;
        }
        if (SSL.isInInit(this.ssl) != 0) {
            return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
        }
        this.handshakeFinished = true;
        return SSLEngineResult.HandshakeStatus.FINISHED;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String toJavaCipherSuite(String str) {
        if (str == null) {
            return null;
        }
        return CipherSuiteConverter.toJava(str, toJavaCipherSuitePrefix(SSL.getVersion(this.ssl)));
    }

    private static String toJavaCipherSuitePrefix(String str) {
        switch ((str == null || str.length() == 0) ? (char) 0 : str.charAt(0)) {
            case 'S':
                return ch.qos.logback.core.net.ssl.SSL.DEFAULT_PROTOCOL;
            case Opcodes.BASTORE /* 84 */:
                return Constants.SSL_PROTO_TLS;
            default:
                return "UNKNOWN";
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void setUseClientMode(boolean z) {
        if (z != this.clientMode) {
            throw new UnsupportedOperationException();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getUseClientMode() {
        return this.clientMode;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setNeedClientAuth(boolean z) {
        setClientAuth(z ? ClientAuthMode.REQUIRE : ClientAuthMode.NONE);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getNeedClientAuth() {
        return this.clientAuth == ClientAuthMode.REQUIRE;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setWantClientAuth(boolean z) {
        setClientAuth(z ? ClientAuthMode.OPTIONAL : ClientAuthMode.NONE);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getWantClientAuth() {
        return this.clientAuth == ClientAuthMode.OPTIONAL;
    }

    private void setClientAuth(ClientAuthMode clientAuthMode) {
        if (this.clientMode) {
            return;
        }
        synchronized (this) {
            if (this.clientAuth == clientAuthMode) {
                return;
            }
            switch (clientAuthMode) {
                case NONE:
                    SSL.setVerify(this.ssl, 0, 10);
                    break;
                case REQUIRE:
                    SSL.setVerify(this.ssl, 2, 10);
                    break;
                case OPTIONAL:
                    SSL.setVerify(this.ssl, 1, 10);
                    break;
            }
            this.clientAuth = clientAuthMode;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnableSessionCreation(boolean z) {
        if (z) {
            throw new UnsupportedOperationException();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getEnableSessionCreation() {
        return false;
    }

    protected void finalize() throws Throwable {
        super.finalize();
        shutdown();
    }

    static {
        ENGINE_CLOSED.setStackTrace(EmptyArrays.EMPTY_STACK_TRACE);
        RENEGOTIATION_UNSUPPORTED.setStackTrace(EmptyArrays.EMPTY_STACK_TRACE);
        ENCRYPTED_PACKET_OVERSIZED.setStackTrace(EmptyArrays.EMPTY_STACK_TRACE);
        AtomicIntegerFieldUpdater<OpenSslEngine> newAtomicIntegerFieldUpdater = PlatformDependent.newAtomicIntegerFieldUpdater(OpenSslEngine.class, "destroyed");
        if (newAtomicIntegerFieldUpdater == null) {
            newAtomicIntegerFieldUpdater = AtomicIntegerFieldUpdater.newUpdater(OpenSslEngine.class, "destroyed");
        }
        DESTROYED_UPDATER = newAtomicIntegerFieldUpdater;
        SUPPORTED_PROTOCOLS = new String[]{PROTOCOL_SSL_V2_HELLO, "SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
        SUPPORTED_PROTOCOLS_SET = new HashSet(Arrays.asList(SUPPORTED_PROTOCOLS));
        EMPTY_ADDR = Buffer.address(Unpooled.EMPTY_BUFFER.nioBuffer());
    }
}
