package org.jivesoftware.openfire.net;

import java.nio.ByteBuffer;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.spi.ConnectionConfiguration;
import org.jivesoftware.openfire.spi.EncryptionArtifactFactory;
import org.jivesoftware.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/net/TLSWrapper.class */
public class TLSWrapper {
    private static final Logger Log = LoggerFactory.getLogger(TLSWrapper.class);
    private boolean logging;
    private SSLEngine tlsEngine;
    private SSLEngineResult tlsEngineResult;
    private int netBuffSize;
    private int appBuffSize;
    private boolean resultOnce;

    /* renamed from: org.jivesoftware.openfire.net.TLSWrapper$1, reason: invalid class name */
    /* loaded from: input_file:org/jivesoftware/openfire/net/TLSWrapper$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    @Deprecated
    public TLSWrapper(Connection connection, boolean z, boolean z2, String str) {
        this(connection.getConfiguration(), z);
    }

    public TLSWrapper(ConnectionConfiguration connectionConfiguration, boolean z) {
        this.logging = false;
        this.resultOnce = true;
        try {
            EncryptionArtifactFactory encryptionArtifactFactory = new EncryptionArtifactFactory(connectionConfiguration);
            if (z) {
                this.tlsEngine = encryptionArtifactFactory.createClientModeSSLEngine();
            } else {
                this.tlsEngine = encryptionArtifactFactory.createServerModeSSLEngine();
            }
            SSLSession session = this.tlsEngine.getSession();
            this.netBuffSize = session.getPacketBufferSize();
            this.appBuffSize = session.getApplicationBufferSize();
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            Log.error("TLSHandler startup problem. SSLContext initialisation failed.", e);
        }
    }

    public int getNetBuffSize() {
        return this.netBuffSize;
    }

    public int getAppBuffSize() {
        return this.appBuffSize;
    }

    public boolean isEngineClosed() {
        return this.tlsEngine.isOutboundDone() && this.tlsEngine.isInboundDone();
    }

    public void enableLogging(boolean z) {
        this.logging = z;
    }

    public ByteBuffer unwrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
        ByteBuffer resizeApplicationBuffer = resizeApplicationBuffer(byteBuffer2);
        String str = null;
        if (Log.isDebugEnabled()) {
            ByteBuffer duplicate = byteBuffer.duplicate();
            str = StringUtils.encodeHex(Arrays.copyOf(duplicate.array(), duplicate.limit()));
        }
        try {
            this.tlsEngineResult = this.tlsEngine.unwrap(byteBuffer, resizeApplicationBuffer);
            log("server unwrap: ", this.tlsEngineResult);
            if (this.tlsEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                doTasks();
            }
            return resizeApplicationBuffer;
        } catch (SSLException e) {
            if (!e.getMessage().startsWith("Unsupported record version Unknown-")) {
                throw e;
            }
            Log.debug("Buffer that wasn't TLS: {}", str);
            throw new SSLException("We appear to have received plain text data where we expected encrypted data. A common cause for this is a peer sending us a plain-text error message when it shouldn't send a message, but close the socket instead).", e);
        }
    }

    public void wrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
        this.tlsEngineResult = this.tlsEngine.wrap(byteBuffer, byteBuffer2);
        log("server wrap: ", this.tlsEngineResult);
        if (this.tlsEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
            doTasks();
        }
    }

    public void close() throws SSLException {
        this.tlsEngine.closeOutbound();
    }

    public TLSStatus getStatus() {
        if (this.tlsEngineResult != null && this.tlsEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            return TLSStatus.UNDERFLOW;
        }
        if (this.tlsEngineResult != null && this.tlsEngineResult.getStatus() == SSLEngineResult.Status.CLOSED) {
            return TLSStatus.CLOSED;
        }
        switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.tlsEngine.getHandshakeStatus().ordinal()]) {
            case 1:
                return TLSStatus.NEED_WRITE;
            case 2:
                return TLSStatus.NEED_READ;
            default:
                return TLSStatus.OK;
        }
    }

    private ByteBuffer resizeApplicationBuffer(ByteBuffer byteBuffer) {
        if (byteBuffer.remaining() >= this.appBuffSize) {
            return byteBuffer;
        }
        ByteBuffer allocate = ByteBuffer.allocate(byteBuffer.capacity() + this.appBuffSize);
        byteBuffer.flip();
        allocate.put(byteBuffer);
        return allocate;
    }

    private SSLEngineResult.HandshakeStatus doTasks() {
        while (true) {
            Runnable delegatedTask = this.tlsEngine.getDelegatedTask();
            if (delegatedTask == null) {
                return this.tlsEngine.getHandshakeStatus();
            }
            delegatedTask.run();
        }
    }

    private void log(String str, SSLEngineResult sSLEngineResult) {
        if (this.logging) {
            if (this.resultOnce) {
                this.resultOnce = false;
                Log.info("The format of the SSLEngineResult is: \n\t\"getStatus() / getHandshakeStatus()\" +\n\t\"bytesConsumed() / bytesProduced()\"\n");
            }
            SSLEngineResult.HandshakeStatus handshakeStatus = sSLEngineResult.getHandshakeStatus();
            Log.info(str + sSLEngineResult.getStatus() + "/" + handshakeStatus + ", " + sSLEngineResult.bytesConsumed() + "/" + sSLEngineResult.bytesProduced() + " bytes");
            if (handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
                Log.info("\t...ready for application data");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SSLEngine getTlsEngine() {
        return this.tlsEngine;
    }
}
