package org.glassfish.grizzly.ssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import org.glassfish.grizzly.Buffer;
import org.glassfish.grizzly.Connection;
import org.glassfish.grizzly.Context;
import org.glassfish.grizzly.FileTransfer;
import org.glassfish.grizzly.Grizzly;
import org.glassfish.grizzly.GrizzlyFuture;
import org.glassfish.grizzly.IOEvent;
import org.glassfish.grizzly.IOEventLifeCycleListener;
import org.glassfish.grizzly.ProcessorExecutor;
import org.glassfish.grizzly.Transport;
import org.glassfish.grizzly.asyncqueue.MessageCloner;
import org.glassfish.grizzly.attributes.Attribute;
import org.glassfish.grizzly.attributes.AttributeStorage;
import org.glassfish.grizzly.filterchain.BaseFilter;
import org.glassfish.grizzly.filterchain.FilterChain;
import org.glassfish.grizzly.filterchain.FilterChainContext;
import org.glassfish.grizzly.filterchain.FilterChainEvent;
import org.glassfish.grizzly.filterchain.NextAction;
import org.glassfish.grizzly.filterchain.TransportFilter;
import org.glassfish.grizzly.impl.FutureImpl;
import org.glassfish.grizzly.memory.Buffers;
import org.glassfish.grizzly.memory.CompositeBuffer;
import org.glassfish.grizzly.memory.MemoryManager;
import org.glassfish.grizzly.ssl.SSLConnectionContext;
import org.glassfish.grizzly.utils.DataStructures;
import org.glassfish.grizzly.utils.Futures;

/* loaded from: classes6.dex */
public class SSLBaseFilter extends BaseFilter {
    protected final Set<HandshakeListener> handshakeListeners;
    private long handshakeTimeoutMillis;
    private SSLTransportFilterWrapper optimizedTransportFilter;
    private final boolean renegotiateOnClientAuthWant;
    private final SSLEngineConfigurator serverSSLEngineConfigurator;
    private static final Logger LOGGER = Grizzly.logger(SSLBaseFilter.class);
    protected static final MessageCloner<Buffer> COPY_CLONER = new OnWriteCopyCloner();
    private static final SSLConnectionContext.Allocator MM_ALLOCATOR = new SSLConnectionContext.Allocator() { // from class: org.glassfish.grizzly.ssl.SSLBaseFilter.1
        /* JADX WARN: Type inference failed for: r1v3, types: [org.glassfish.grizzly.Buffer] */
        /* JADX WARN: Type inference failed for: r1v4, types: [org.glassfish.grizzly.Buffer] */
        @Override // org.glassfish.grizzly.ssl.SSLConnectionContext.Allocator
        public Buffer grow(SSLConnectionContext sSLConnectionContext, Buffer buffer, int i11) {
            MemoryManager<?> memoryManager = sSLConnectionContext.getConnection().getMemoryManager();
            return buffer == null ? memoryManager.allocate(i11) : memoryManager.reallocate(buffer, i11);
        }
    };
    private static final SSLConnectionContext.Allocator OUTPUT_BUFFER_ALLOCATOR = new SSLConnectionContext.Allocator() { // from class: org.glassfish.grizzly.ssl.SSLBaseFilter.2
        @Override // org.glassfish.grizzly.ssl.SSLConnectionContext.Allocator
        public Buffer grow(SSLConnectionContext sSLConnectionContext, Buffer buffer, int i11) {
            return SSLUtils.allocateOutputBuffer(i11);
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.glassfish.grizzly.ssl.SSLBaseFilter$4, reason: invalid class name */
    /* loaded from: classes6.dex */
    public static /* synthetic */ class AnonymousClass4 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status;

        static {
            int[] iArr = new int[SSLEngineResult.HandshakeStatus.values().length];
            $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = iArr;
            try {
                iArr[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            int[] iArr2 = new int[SSLEngineResult.Status.values().length];
            $SwitchMap$javax$net$ssl$SSLEngineResult$Status = iArr2;
            try {
                iArr2[SSLEngineResult.Status.OK.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
        }
    }

    /* loaded from: classes6.dex */
    public static class CertificateEvent implements FilterChainEvent {
        static final String TYPE = "CERT_EVENT";
        final FutureImpl<Object[]> certsFuture = Futures.createSafeFuture();
        final boolean needClientAuth;

        public CertificateEvent(boolean z11) {
            this.needClientAuth = z11;
        }

        public GrizzlyFuture<Object[]> trigger(FilterChainContext filterChainContext) {
            filterChainContext.getFilterChain().fireEventDownstream(filterChainContext.getConnection(), this, null);
            return this.certsFuture;
        }

        @Override // org.glassfish.grizzly.filterchain.FilterChainEvent
        public final Object type() {
            return TYPE;
        }
    }

    /* loaded from: classes6.dex */
    public interface HandshakeListener {
        void onComplete(Connection connection);

        void onFailure(Connection connection, Throwable th2);

        void onStart(Connection connection);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes6.dex */
    public static class InternalProcessingHandler extends IOEventLifeCycleListener.Adapter {
        private final FilterChainContext parentContext;

        private InternalProcessingHandler(FilterChainContext filterChainContext) {
            this.parentContext = filterChainContext;
        }

        @Override // org.glassfish.grizzly.IOEventLifeCycleListener.Adapter, org.glassfish.grizzly.IOEventLifeCycleListener
        public void onComplete(Context context, Object obj) throws IOException {
            FilterChainContext filterChainContext = this.parentContext;
            filterChainContext.resume(filterChainContext.getStopAction());
        }
    }

    /* loaded from: classes6.dex */
    private static final class OnWriteCopyCloner implements MessageCloner<Buffer> {
        static final /* synthetic */ boolean $assertionsDisabled = false;

        private OnWriteCopyCloner() {
        }

        @Override // org.glassfish.grizzly.asyncqueue.MessageCloner
        public Buffer clone(Connection connection, Buffer buffer) {
            SSLConnectionContext sslConnectionContext = SSLUtils.getSslConnectionContext(connection);
            int netBufferSize = sslConnectionContext.getNetBufferSize() / 2;
            Buffer resetLastOutputBuffer = sslConnectionContext.resetLastOutputBuffer();
            if (buffer.remaining() < netBufferSize) {
                return SSLUtils.move(connection.getMemoryManager(), buffer);
            }
            if (resetLastOutputBuffer.remaining() >= netBufferSize) {
                return buffer;
            }
            Buffer copy = SSLUtils.copy(connection.getMemoryManager(), buffer);
            if (buffer.isComposite()) {
                ((CompositeBuffer) buffer).replace(resetLastOutputBuffer, copy);
            }
            resetLastOutputBuffer.tryDispose();
            return copy;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes6.dex */
    public static class SSLTransportFilterWrapper extends TransportFilter {
        protected final SSLBaseFilter sslBaseFilter;
        protected final TransportFilter wrappedFilter;

        public SSLTransportFilterWrapper(TransportFilter transportFilter, SSLBaseFilter sSLBaseFilter) {
            this.wrappedFilter = transportFilter;
            this.sslBaseFilter = sSLBaseFilter;
        }

        @Override // org.glassfish.grizzly.filterchain.BaseFilter
        public FilterChainContext createContext(Connection connection, FilterChainContext.Operation operation) {
            return this.wrappedFilter.createContext(connection, operation);
        }

        @Override // org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
        public void exceptionOccurred(FilterChainContext filterChainContext, Throwable th2) {
            this.wrappedFilter.exceptionOccurred(filterChainContext, th2);
        }

        @Override // org.glassfish.grizzly.filterchain.TransportFilter, org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
        public NextAction handleAccept(FilterChainContext filterChainContext) throws IOException {
            return this.wrappedFilter.handleAccept(filterChainContext);
        }

        @Override // org.glassfish.grizzly.filterchain.TransportFilter, org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
        public NextAction handleClose(FilterChainContext filterChainContext) throws IOException {
            return this.wrappedFilter.handleClose(filterChainContext);
        }

        @Override // org.glassfish.grizzly.filterchain.TransportFilter, org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
        public NextAction handleConnect(FilterChainContext filterChainContext) throws IOException {
            return this.wrappedFilter.handleConnect(filterChainContext);
        }

        @Override // org.glassfish.grizzly.filterchain.TransportFilter, org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
        public NextAction handleEvent(FilterChainContext filterChainContext, FilterChainEvent filterChainEvent) throws IOException {
            return this.wrappedFilter.handleEvent(filterChainContext, filterChainEvent);
        }

        @Override // org.glassfish.grizzly.filterchain.TransportFilter, org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
        public NextAction handleRead(FilterChainContext filterChainContext) throws IOException {
            Connection connection = filterChainContext.getConnection();
            SSLConnectionContext obtainSslConnectionContext = this.sslBaseFilter.obtainSslConnectionContext(connection);
            if (obtainSslConnectionContext.getSslEngine() == null) {
                SSLEngine createSSLEngine = this.sslBaseFilter.serverSSLEngineConfigurator.createSSLEngine();
                createSSLEngine.beginHandshake();
                obtainSslConnectionContext.configure(createSSLEngine);
                this.sslBaseFilter.notifyHandshakeStart(connection);
            }
            filterChainContext.setMessage(SSLUtils.allowDispose(SSLUtils.allocateInputBuffer(obtainSslConnectionContext)));
            return this.wrappedFilter.handleRead(filterChainContext);
        }

        @Override // org.glassfish.grizzly.filterchain.TransportFilter, org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
        public NextAction handleWrite(FilterChainContext filterChainContext) throws IOException {
            return this.wrappedFilter.handleWrite(filterChainContext);
        }

        @Override // org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
        public void onAdded(FilterChain filterChain) {
            this.wrappedFilter.onAdded(filterChain);
        }

        @Override // org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
        public void onFilterChainChanged(FilterChain filterChain) {
            this.wrappedFilter.onFilterChainChanged(filterChain);
        }

        @Override // org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
        public void onRemoved(FilterChain filterChain) {
            this.wrappedFilter.onRemoved(filterChain);
        }
    }

    public SSLBaseFilter() {
        this(null);
    }

    public SSLBaseFilter(SSLEngineConfigurator sSLEngineConfigurator) {
        this(sSLEngineConfigurator, true);
    }

    public SSLBaseFilter(SSLEngineConfigurator sSLEngineConfigurator, boolean z11) {
        this.handshakeListeners = Collections.newSetFromMap(DataStructures.getConcurrentMap(2));
        this.handshakeTimeoutMillis = -1L;
        this.renegotiateOnClientAuthWant = z11;
        this.serverSSLEngineConfigurator = sSLEngineConfigurator == null ? new SSLEngineConfigurator(SSLContextConfigurator.DEFAULT_CONFIG.createSSLContext(), false, false, false) : sSLEngineConfigurator;
    }

    private Buffer closeGracefully(FilterChainContext filterChainContext, SSLConnectionContext sSLConnectionContext) throws SSLException {
        SSLConnectionContext sSLConnectionContext2;
        try {
            sSLConnectionContext2 = sSLConnectionContext;
            try {
                Buffer doHandshakeSync = doHandshakeSync(sSLConnectionContext2, filterChainContext, null, this.handshakeTimeoutMillis);
                sSLConnectionContext2.getConnection().closeSilently();
                return doHandshakeSync;
            } catch (Throwable th2) {
                th = th2;
                SSLException sSLException = th;
                try {
                    Logger logger = LOGGER;
                    Level level = Level.FINE;
                    if (logger.isLoggable(level)) {
                        logger.log(level, "Error during graceful ssl connection close", (Throwable) sSLException);
                    }
                    if (sSLException instanceof SSLException) {
                        throw sSLException;
                    }
                    throw new SSLException("Error during re-handshaking", sSLException);
                } catch (Throwable th3) {
                    sSLConnectionContext2.getConnection().closeSilently();
                    throw th3;
                }
            }
        } catch (Throwable th4) {
            th = th4;
            sSLConnectionContext2 = sSLConnectionContext;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static X509Certificate[] extractX509Certs(Certificate[] certificateArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        int length = certificateArr.length;
        for (int i11 = 0; i11 < length; i11++) {
            Certificate certificate = certificateArr[i11];
            if (certificate instanceof X509Certificate) {
                x509CertificateArr[i11] = (X509Certificate) certificate;
            } else {
                try {
                    x509CertificateArr[i11] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
                } catch (Exception e11) {
                    LOGGER.log(Level.INFO, "Error translating cert " + certificateArr[i11], (Throwable) e11);
                    return null;
                }
            }
            Logger logger = LOGGER;
            Level level = Level.FINE;
            if (logger.isLoggable(level)) {
                logger.log(level, "Cert #{0} = {1}", new Object[]{Integer.valueOf(i11), x509CertificateArr[i11]});
            }
        }
        return x509CertificateArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Certificate[] getPeerCertificates(SSLConnectionContext sSLConnectionContext) {
        try {
            return sSLConnectionContext.getSslEngine().getSession().getPeerCertificates();
        } catch (Throwable th2) {
            Logger logger = LOGGER;
            Level level = Level.FINE;
            if (!logger.isLoggable(level)) {
                return null;
            }
            logger.log(level, "Error getting client certs", th2);
            return null;
        }
    }

    private static FilterChainContext obtainProtocolChainContext(FilterChainContext filterChainContext, FilterChain filterChain) {
        FilterChainContext obtainFilterChainContext = filterChain.obtainFilterChainContext(filterChainContext.getConnection(), filterChainContext.getStartIdx(), filterChain.size(), filterChainContext.getFilterIdx());
        obtainFilterChainContext.setAddressHolder(filterChainContext.getAddressHolder());
        obtainFilterChainContext.setMessage(filterChainContext.getMessage());
        obtainFilterChainContext.getInternalContext().setIoEvent(IOEvent.READ);
        obtainFilterChainContext.getInternalContext().addLifeCycleListener(new InternalProcessingHandler(filterChainContext));
        return obtainFilterChainContext;
    }

    private Buffer rehandshake(FilterChainContext filterChainContext, SSLConnectionContext sSLConnectionContext) throws SSLException {
        Connection connection = filterChainContext.getConnection();
        notifyHandshakeStart(connection);
        try {
            try {
                Buffer doHandshakeSync = doHandshakeSync(sSLConnectionContext, filterChainContext, null, this.handshakeTimeoutMillis);
                notifyHandshakeComplete(connection, sSLConnectionContext.getSslEngine());
                return doHandshakeSync;
            } catch (Throwable th2) {
                th = th2;
                SSLException sSLException = th;
                notifyHandshakeFailed(connection, sSLException);
                Logger logger = LOGGER;
                Level level = Level.FINE;
                if (logger.isLoggable(level)) {
                    logger.log(level, "Error during re-handshaking", (Throwable) sSLException);
                }
                if (sSLException instanceof SSLException) {
                    throw sSLException;
                }
                throw new SSLException("Error during re-handshaking", sSLException);
            }
        } catch (Throwable th3) {
            th = th3;
        }
    }

    public void addHandshakeListener(HandshakeListener handshakeListener) {
        this.handshakeListeners.add(handshakeListener);
    }

    protected SSLTransportFilterWrapper createOptimizedTransportFilter(TransportFilter transportFilter) {
        return new SSLTransportFilterWrapper(transportFilter, this);
    }

    protected SSLConnectionContext createSslConnectionContext(Connection connection) {
        return new SSLConnectionContext(connection);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Buffer doHandshakeStep(SSLConnectionContext sSLConnectionContext, FilterChainContext filterChainContext, Buffer buffer) throws IOException {
        return doHandshakeStep(sSLConnectionContext, filterChainContext, buffer, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x00e0, code lost:
    
        if (r9 == null) goto L57;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x00e2, code lost:
    
        r9.dispose();
     */
    /* JADX WARN: Removed duplicated region for block: B:78:0x0119  */
    /* JADX WARN: Removed duplicated region for block: B:80:0x0125  */
    /* JADX WARN: Removed duplicated region for block: B:84:0x011d  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.glassfish.grizzly.Buffer doHandshakeStep(org.glassfish.grizzly.ssl.SSLConnectionContext r16, org.glassfish.grizzly.filterchain.FilterChainContext r17, org.glassfish.grizzly.Buffer r18, org.glassfish.grizzly.Buffer r19) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 302
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(org.glassfish.grizzly.ssl.SSLConnectionContext, org.glassfish.grizzly.filterchain.FilterChainContext, org.glassfish.grizzly.Buffer, org.glassfish.grizzly.Buffer):org.glassfish.grizzly.Buffer");
    }

    protected Buffer doHandshakeSync(SSLConnectionContext sSLConnectionContext, FilterChainContext filterChainContext, Buffer buffer, long j11) throws IOException {
        Connection connection = filterChainContext.getConnection();
        SSLEngine sslEngine = sSLConnectionContext.getSslEngine();
        Buffer allocateOutputBuffer = SSLUtils.allocateOutputBuffer(sSLConnectionContext.getAppBufferSize());
        TimeUnit timeUnit = TimeUnit.MILLISECONDS;
        long readTimeout = connection.getReadTimeout(timeUnit);
        try {
            connection.setReadTimeout(j11, timeUnit);
            Buffer makeInputRemainder = SSLUtils.makeInputRemainder(sSLConnectionContext, filterChainContext, doHandshakeStep(sSLConnectionContext, filterChainContext, buffer, allocateOutputBuffer));
            while (SSLUtils.isHandshaking(sslEngine)) {
                makeInputRemainder = SSLUtils.makeInputRemainder(sSLConnectionContext, filterChainContext, doHandshakeStep(sSLConnectionContext, filterChainContext, Buffers.appendBuffers(filterChainContext.getMemoryManager(), makeInputRemainder, (Buffer) filterChainContext.read().getMessage()), allocateOutputBuffer));
            }
            return makeInputRemainder;
        } finally {
            allocateOutputBuffer.dispose();
            connection.setReadTimeout(readTimeout, TimeUnit.MILLISECONDS);
        }
    }

    public long getHandshakeTimeout(TimeUnit timeUnit) {
        long j11 = this.handshakeTimeoutMillis;
        if (j11 < 0) {
            return -1L;
        }
        return timeUnit.convert(j11, TimeUnit.MILLISECONDS);
    }

    protected SSLTransportFilterWrapper getOptimizedTransportFilter(TransportFilter transportFilter) {
        SSLTransportFilterWrapper sSLTransportFilterWrapper = this.optimizedTransportFilter;
        if (sSLTransportFilterWrapper == null || sSLTransportFilterWrapper.wrappedFilter != transportFilter) {
            this.optimizedTransportFilter = createOptimizedTransportFilter(transportFilter);
        }
        return this.optimizedTransportFilter;
    }

    protected void getPeerCertificateChain(final SSLConnectionContext sSLConnectionContext, final FilterChainContext filterChainContext, boolean z11, final FutureImpl<Object[]> futureImpl) {
        Certificate[] peerCertificates = getPeerCertificates(sSLConnectionContext);
        if (peerCertificates != null) {
            futureImpl.result(peerCertificates);
            return;
        }
        if (z11) {
            Transport transport = filterChainContext.getConnection().getTransport();
            ExecutorService workerThreadPool = transport.getWorkerThreadPool();
            if (workerThreadPool == null) {
                workerThreadPool = transport.getKernelThreadPool();
            }
            workerThreadPool.submit(new Runnable() { // from class: org.glassfish.grizzly.ssl.SSLBaseFilter.3
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        try {
                            SSLBaseFilter.this.renegotiate(sSLConnectionContext, filterChainContext);
                            Certificate[] peerCertificates2 = SSLBaseFilter.getPeerCertificates(sSLConnectionContext);
                            if (peerCertificates2 == null) {
                                futureImpl.result(null);
                            } else {
                                X509Certificate[] extractX509Certs = SSLBaseFilter.extractX509Certs(peerCertificates2);
                                if (extractX509Certs != null && extractX509Certs.length >= 1) {
                                    futureImpl.result(extractX509Certs);
                                }
                                futureImpl.result(null);
                            }
                        } catch (IOException e11) {
                            futureImpl.failure(e11);
                        }
                    } finally {
                        FilterChainContext filterChainContext2 = filterChainContext;
                        filterChainContext2.resume(filterChainContext2.getStopAction());
                    }
                }
            });
        }
    }

    public SSLEngineConfigurator getServerSSLEngineConfigurator() {
        return this.serverSSLEngineConfigurator;
    }

    @Override // org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
    public NextAction handleEvent(FilterChainContext filterChainContext, FilterChainEvent filterChainEvent) throws IOException {
        if (filterChainEvent.type() != "CERT_EVENT") {
            return filterChainContext.getInvokeAction();
        }
        CertificateEvent certificateEvent = (CertificateEvent) filterChainEvent;
        try {
            return filterChainContext.getSuspendAction();
        } finally {
            getPeerCertificateChain(obtainSslConnectionContext(filterChainContext.getConnection()), filterChainContext, certificateEvent.needClientAuth, certificateEvent.certsFuture);
        }
    }

    @Override // org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
    public NextAction handleRead(FilterChainContext filterChainContext) throws IOException {
        FilterChainContext filterChainContext2;
        Buffer makeInputRemainder;
        Connection connection = filterChainContext.getConnection();
        SSLConnectionContext obtainSslConnectionContext = obtainSslConnectionContext(connection);
        SSLEngine sslEngine = obtainSslConnectionContext.getSslEngine();
        if (sslEngine != null && !SSLUtils.isHandshaking(sslEngine)) {
            return unwrapAll(filterChainContext, obtainSslConnectionContext);
        }
        if (sslEngine == null) {
            sslEngine = this.serverSSLEngineConfigurator.createSSLEngine();
            sslEngine.beginHandshake();
            obtainSslConnectionContext.configure(sslEngine);
            notifyHandshakeStart(connection);
        }
        SSLEngine sSLEngine = sslEngine;
        if (this.handshakeTimeoutMillis >= 0) {
            filterChainContext2 = filterChainContext;
            makeInputRemainder = doHandshakeSync(obtainSslConnectionContext, filterChainContext2, (Buffer) filterChainContext.getMessage(), this.handshakeTimeoutMillis);
        } else {
            filterChainContext2 = filterChainContext;
            makeInputRemainder = SSLUtils.makeInputRemainder(obtainSslConnectionContext, filterChainContext2, doHandshakeStep(obtainSslConnectionContext, filterChainContext2, (Buffer) filterChainContext2.getMessage()));
        }
        boolean z11 = makeInputRemainder != null && makeInputRemainder.hasRemaining();
        if (!SSLUtils.isHandshaking(sSLEngine)) {
            notifyHandshakeComplete(connection, sSLEngine);
            FilterChain newConnectionFilterChain = obtainSslConnectionContext.getNewConnectionFilterChain();
            obtainSslConnectionContext.setNewConnectionFilterChain(null);
            if (newConnectionFilterChain != null) {
                Logger logger = LOGGER;
                Level level = Level.FINE;
                if (logger.isLoggable(level)) {
                    logger.log(level, "Applying new FilterChain afterSSLHandshake. Connection={0} filterchain={1}", new Object[]{connection, newConnectionFilterChain});
                }
                connection.setProcessor(newConnectionFilterChain);
                if (!z11) {
                    return filterChainContext2.getStopAction();
                }
                NextAction suspendAction = filterChainContext2.getSuspendAction();
                filterChainContext2.setMessage(makeInputRemainder);
                filterChainContext2.suspend();
                ProcessorExecutor.execute(obtainProtocolChainContext(filterChainContext2, newConnectionFilterChain).getInternalContext());
                return suspendAction;
            }
            if (z11) {
                filterChainContext2.setMessage(makeInputRemainder);
                return unwrapAll(filterChainContext2, obtainSslConnectionContext);
            }
        }
        return filterChainContext2.getStopAction(makeInputRemainder);
    }

    @Override // org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
    public NextAction handleWrite(FilterChainContext filterChainContext) throws IOException {
        NextAction stopAction;
        if (filterChainContext.getMessage() instanceof FileTransfer) {
            throw new IllegalStateException("TLS operations not supported with SendFile messages");
        }
        Connection connection = filterChainContext.getConnection();
        synchronized (connection) {
            Buffer wrapAll = wrapAll(filterChainContext, obtainSslConnectionContext(connection));
            FilterChainContext.TransportContext transportContext = filterChainContext.getTransportContext();
            filterChainContext.write(null, wrapAll, transportContext.getCompletionHandler(), transportContext.getPushBackHandler(), COPY_CLONER, transportContext.isBlocking());
            stopAction = filterChainContext.getStopAction();
        }
        return stopAction;
    }

    public boolean isRenegotiateOnClientAuthWant() {
        return this.renegotiateOnClientAuthWant;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void notifyHandshakeComplete(Connection<?> connection, SSLEngine sSLEngine) {
        if (this.handshakeListeners.isEmpty()) {
            return;
        }
        Iterator<HandshakeListener> it = this.handshakeListeners.iterator();
        while (it.hasNext()) {
            it.next().onComplete(connection);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void notifyHandshakeFailed(Connection connection, Throwable th2) {
        if (this.handshakeListeners.isEmpty()) {
            return;
        }
        Iterator<HandshakeListener> it = this.handshakeListeners.iterator();
        while (it.hasNext()) {
            it.next().onFailure(connection, th2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void notifyHandshakeStart(Connection connection) {
        if (this.handshakeListeners.isEmpty()) {
            return;
        }
        Iterator<HandshakeListener> it = this.handshakeListeners.iterator();
        while (it.hasNext()) {
            it.next().onStart(connection);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SSLConnectionContext obtainSslConnectionContext(Connection connection) {
        Attribute<SSLConnectionContext> attribute = SSLUtils.SSL_CTX_ATTR;
        SSLConnectionContext sSLConnectionContext = attribute.get(connection);
        if (sSLConnectionContext != null) {
            return sSLConnectionContext;
        }
        SSLConnectionContext createSslConnectionContext = createSslConnectionContext(connection);
        attribute.set((AttributeStorage) connection, (Connection) createSslConnectionContext);
        return createSslConnectionContext;
    }

    @Override // org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
    public void onAdded(FilterChain filterChain) {
        int indexOfType;
        if (filterChain.indexOfType(SSLTransportFilterWrapper.class) != -1 || (indexOfType = filterChain.indexOfType(TransportFilter.class)) < 0) {
            return;
        }
        filterChain.set(indexOfType, getOptimizedTransportFilter((TransportFilter) filterChain.get(indexOfType)));
    }

    @Override // org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
    public void onRemoved(FilterChain filterChain) {
        int indexOf;
        SSLTransportFilterWrapper sSLTransportFilterWrapper = this.optimizedTransportFilter;
        if (sSLTransportFilterWrapper == null || (indexOf = filterChain.indexOf(sSLTransportFilterWrapper)) < 0) {
            return;
        }
        filterChain.set(indexOf, ((SSLTransportFilterWrapper) filterChain.get(indexOf)).wrappedFilter);
    }

    public void removeHandshakeListener(HandshakeListener handshakeListener) {
        this.handshakeListeners.remove(handshakeListener);
    }

    protected void renegotiate(SSLConnectionContext sSLConnectionContext, FilterChainContext filterChainContext) throws IOException {
        SSLEngine sslEngine = sSLConnectionContext.getSslEngine();
        if (!sslEngine.getWantClientAuth() || this.renegotiateOnClientAuthWant) {
            boolean z11 = sslEngine.getWantClientAuth() || sslEngine.getNeedClientAuth();
            if (!z11) {
                sslEngine.setNeedClientAuth(true);
            }
            sslEngine.getSession().invalidate();
            try {
                sslEngine.beginHandshake();
                try {
                    rehandshake(filterChainContext, sSLConnectionContext);
                } finally {
                    if (!z11) {
                        sslEngine.setNeedClientAuth(false);
                    }
                }
            } catch (SSLHandshakeException e11) {
                if (e11.toString().toLowerCase().contains("insecure renegotiation")) {
                    Logger logger = LOGGER;
                    if (logger.isLoggable(Level.SEVERE)) {
                        logger.severe("Secure SSL/TLS renegotiation is not supported by the peer.  This is most likely due to the peer using an older SSL/TLS implementation that does not implement RFC 5746.");
                    }
                }
                throw e11;
            }
        }
    }

    public void setHandshakeTimeout(long j11, TimeUnit timeUnit) {
        if (j11 < 0) {
            this.handshakeTimeoutMillis = -1L;
        } else {
            this.handshakeTimeoutMillis = TimeUnit.MILLISECONDS.convert(j11, timeUnit);
        }
    }

    protected NextAction unwrapAll(FilterChainContext filterChainContext, SSLConnectionContext sSLConnectionContext) throws SSLException {
        boolean z11;
        Buffer buffer = (Buffer) filterChainContext.getMessage();
        Buffer buffer2 = null;
        while (true) {
            int sSLPacketSize = SSLUtils.getSSLPacketSize(buffer);
            z11 = false;
            if (sSLPacketSize == -1 || buffer.remaining() < sSLPacketSize) {
                break;
            }
            SSLConnectionContext.SslResult unwrap = sSLConnectionContext.unwrap(sSLPacketSize, buffer, buffer2, MM_ALLOCATOR);
            if (SSLUtils.isHandshaking(sSLConnectionContext.getSslEngine())) {
                buffer = unwrap.getSslEngineResult().getStatus() != SSLEngineResult.Status.CLOSED ? rehandshake(filterChainContext, sSLConnectionContext) : closeGracefully(filterChainContext, sSLConnectionContext);
                if (buffer == null) {
                    break;
                }
            }
            buffer2 = unwrap.getOutput();
            if (!unwrap.isError()) {
                int i11 = AnonymousClass4.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getSslEngineResult().getStatus().ordinal()];
                if (i11 == 1) {
                    if (!buffer.hasRemaining()) {
                        break;
                    }
                } else {
                    if (i11 != 2) {
                        throw new IllegalStateException("Unexpected status: " + unwrap.getSslEngineResult().getStatus());
                    }
                    z11 = true;
                }
            } else {
                buffer2.dispose();
                throw unwrap.getError();
            }
        }
        if (buffer2 != null) {
            buffer2.trim();
            if (buffer2.hasRemaining() || z11) {
                filterChainContext.setMessage(buffer2);
                return filterChainContext.getInvokeAction(SSLUtils.makeInputRemainder(sSLConnectionContext, filterChainContext, buffer));
            }
        }
        return filterChainContext.getStopAction(SSLUtils.makeInputRemainder(sSLConnectionContext, filterChainContext, buffer));
    }

    protected Buffer wrapAll(FilterChainContext filterChainContext, SSLConnectionContext sSLConnectionContext) throws SSLException {
        Buffer buffer = (Buffer) filterChainContext.getMessage();
        Buffer wrapAll = sSLConnectionContext.wrapAll(buffer, OUTPUT_BUFFER_ALLOCATOR);
        buffer.tryDispose();
        return wrapAll;
    }
}
