package org.dcache.dss;

import com.google.common.base.Preconditions;
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.Subject;
import org.dcache.util.ByteUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/dss/SslEngineDssContext.class */
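/**
 * {@link DssContext} backed by an {@link SSLEngine}: handshake messages and protected
 * records are exchanged with the peer as opaque byte-array tokens.
 *
 * <p>The context counts as established only once a {@link Subject} has been built from the
 * peer's certificate chain (see {@link #createSubject()}), so a handshake that finishes
 * without peer certificates fails with an {@link IOException} instead of producing an
 * anonymous, established context.
 *
 * <p>This class performs no certificate path validation of its own.
 * NOTE(review): trust decisions are presumably made by the trust manager configured on the
 * supplied engine; confirm at the place where the engine is created.
 *
 * <p>No synchronization is performed here; the buffers are plain mutable fields.
 */
public class SslEngineDssContext implements DssContext {
    private static final Logger LOGGER = LoggerFactory.getLogger(SslEngineDssContext.class);

    /** Zero-length source used when wrapping pure handshake output. */
    private static final ByteBuffer EMPTY = ByteBuffer.wrap(new byte[0]);

    private final SSLEngine engine;
    private final CertificateFactory cf;

    /** Set once init() or accept() has fixed the engine's client/server role. */
    private boolean isClientModeSet;

    /** Bytes received from the peer that the engine has not consumed yet (kept in read mode). */
    private ByteBuffer inToken;

    /** Bytes produced by the engine for the peer (kept in write mode, drained by getOutToken()). */
    private ByteBuffer outToken;

    /** Decrypted application data (kept in write mode, drained by getData()). */
    private ByteBuffer data;

    /** Non-null once the handshake has finished and the peer chain was captured. */
    private Subject subject;

    /**
     * Creates a context around an existing engine and sizes both output buffers from the
     * engine's current session.
     *
     * @param sSLEngine engine that performs the TLS processing
     * @param certificateFactory factory used to turn the peer certificates into a cert path
     */
    public SslEngineDssContext(SSLEngine sSLEngine, CertificateFactory certificateFactory) {
        this.engine = sSLEngine;
        this.cf = certificateFactory;
        this.data = ByteBuffer.allocate(sSLEngine.getSession().getApplicationBufferSize());
        this.outToken = ByteBuffer.allocate(sSLEngine.getSession().getPacketBufferSize());
    }

    /**
     * Appends a received token to the pending inbound bytes.
     *
     * <p>When nothing is pending, the token array is wrapped rather than copied, and a later
     * call may compact and append into that same array. Callers therefore must not reuse or
     * modify a token array after handing it in.
     */
    private void addInToken(byte[] token) {
        if (this.inToken == null || this.inToken.remaining() == 0) {
            this.inToken = ByteBuffer.wrap(token);
            return;
        }
        int free = this.inToken.capacity() - this.inToken.remaining();
        if (free >= token.length) {
            // Enough room once the consumed prefix is discarded: append in place.
            this.inToken.compact();
            this.inToken.put(token);
            this.inToken.flip();
        } else {
            ByteBuffer merged = ByteBuffer.allocate(this.inToken.remaining() + token.length);
            merged.put(this.inToken);
            merged.put(token);
            merged.flip();
            this.inToken = merged;
        }
    }

    /** Drains the outbound buffer; returns {@code null} when the engine produced nothing. */
    private byte[] getOutToken() {
        return getBytes(this.outToken);
    }

    /**
     * Drives the handshake until the context is established or more peer input is needed.
     *
     * <p>Delegated tasks are run inline on the calling thread.
     * NOTE(review): a NOT_HANDSHAKING status is rejected here, so the engine presumably has
     * its handshake started before init()/accept() is first called; confirm against the caller.
     *
     * @throws IOException if wrapping or unwrapping fails or the peer identity cannot be built
     * @throws IllegalStateException if the engine reports that no handshake is in progress
     */
    private void handshake() throws IOException {
        while (!isEstablished()) {
            switch (this.engine.getHandshakeStatus()) {
                case NOT_HANDSHAKING:
                case FINISHED:
                    throw new IllegalStateException("Not handshaking");
                case NEED_TASK:
                    Runnable task = this.engine.getDelegatedTask();
                    if (task != null) {
                        task.run();
                    }
                    break;
                case NEED_WRAP:
                    wrap(EMPTY);
                    break;
                case NEED_UNWRAP:
                    if (!unwrap()) {
                        // Inbound bytes are exhausted: hand the pending output to the peer.
                        return;
                    }
                    break;
                default:
                    // Any other status is not acted on; the loop re-reads the status.
                    break;
            }
        }
    }

    /**
     * Wraps {@code source} into the outbound buffer, enlarging that buffer by one packet
     * size whenever the engine reports an overflow.
     *
     * <p>NOTE(review): this listing comes from a decompiler that reported problems with the
     * switch layout of this method; verify the control flow against the upstream source.
     *
     * @throws EOFException if the engine is closed
     * @throws IOException if the peer identity cannot be built when the handshake finishes
     * @throws RuntimeException on an underflow status, or if input is left over after an OK
     */
    private void wrap(ByteBuffer source) throws IOException {
        SSLEngineResult result;
        int attempts = 0;
        do {
            attempts++;
            LOGGER.debug("Wrapping: buffer posn={}, limit={}, capacity={}, remaining={}",
                    source.position(), source.limit(), source.capacity(), source.remaining());
            result = this.engine.wrap(source, this.outToken);
            LOGGER.debug("Result: status={}, seq={}, consumed={}, produced={}, remaining={}",
                    result.getStatus(), result.sequenceNumber(), result.bytesConsumed(),
                    result.bytesProduced(), source.remaining());
            switch (result.getStatus()) {
                case BUFFER_UNDERFLOW:
                    throw new RuntimeException();
                case BUFFER_OVERFLOW:
                    ByteBuffer grown = ByteBuffer.allocate(
                            this.outToken.capacity() + this.engine.getSession().getPacketBufferSize());
                    this.outToken.flip();
                    grown.put(this.outToken);
                    this.outToken = grown;
                    break;
                case OK:
                    if (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
                        // Handshake completed on our final flight: capture the peer identity.
                        this.subject = createSubject();
                    }
                    break;
                case CLOSED:
                    throw new EOFException();
            }
        } while (result.getStatus() != SSLEngineResult.Status.OK);
        if (source.hasRemaining()) {
            throw new RuntimeException("SSLEngine did not wrap all data: c=" + attempts + ", in=" + source.limit() + " r=" + source.remaining() + " out=" + this.outToken.position());
        }
    }

    /** Returns the largest application payload accepted per wrap call: 16 KiB. */
    @Override // org.dcache.dss.DssContext
    public long maxApplicationSize() {
        return ByteUnit.KiB.toBytes(16);
    }

    /**
     * Unwraps pending inbound bytes into the application-data buffer.
     *
     * @return {@code false} if the engine needs more inbound bytes, {@code true} after an
     *     unwrap that reported OK
     * @throws EOFException if the engine is closed
     * @throws IOException if the peer identity cannot be built when the handshake finishes
     */
    private boolean unwrap() throws IOException {
        while (true) {
            SSLEngineResult result = this.engine.unwrap(this.inToken, this.data);
            switch (result.getStatus()) {
                case BUFFER_UNDERFLOW:
                    return false;
                case BUFFER_OVERFLOW:
                    // Grow from the data buffer's own capacity. Sizing the replacement from
                    // outToken's capacity could produce a buffer no larger than the current
                    // one after an earlier growth, so the same overflow would be reported
                    // again and this loop would make no progress on peer-supplied input.
                    ByteBuffer grown = ByteBuffer.allocate(
                            this.data.capacity() + this.engine.getSession().getApplicationBufferSize());
                    this.data.flip();
                    grown.put(this.data);
                    this.data = grown;
                    break;
                case OK:
                    if (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
                        // Handshake completed on the peer's final flight: capture its identity.
                        this.subject = createSubject();
                    }
                    return true;
                case CLOSED:
                    throw new EOFException();
            }
        }
    }

    /** Drains the application-data buffer; returns {@code null} when it holds nothing. */
    private byte[] getData() {
        return getBytes(this.data);
    }

    /**
     * Copies out everything written to {@code buffer} and resets it for writing.
     *
     * @return the buffered bytes, or {@code null} if the buffer was empty
     */
    private static byte[] getBytes(ByteBuffer buffer) {
        byte[] bytes = null;
        buffer.flip();
        if (buffer.hasRemaining()) {
            bytes = new byte[buffer.remaining()];
            buffer.get(bytes);
        }
        buffer.clear();
        return bytes;
    }

    /**
     * Processes a peer token as the initiating (client) side of the handshake.
     *
     * @param bArr token received from the peer; the array is retained, not copied
     * @return the next token for the peer, or {@code null} if there is none
     * @throws IOException if the handshake fails
     * @throws IllegalStateException if the context is already established
     */
    @Override // org.dcache.dss.DssContext
    public byte[] init(byte[] bArr) throws IOException {
        Preconditions.checkState(!isEstablished());
        if (!this.isClientModeSet) {
            this.engine.setUseClientMode(true);
            this.isClientModeSet = true;
        }
        addInToken(bArr);
        handshake();
        return getOutToken();
    }

    /**
     * Processes a peer token as the accepting (server) side of the handshake.
     *
     * @param bArr token received from the peer; the array is retained, not copied
     * @return the next token for the peer, or {@code null} if there is none
     * @throws IOException if the handshake fails
     * @throws IllegalStateException if the context is already established
     */
    @Override // org.dcache.dss.DssContext
    public byte[] accept(byte[] bArr) throws IOException {
        Preconditions.checkState(!isEstablished());
        if (!this.isClientModeSet) {
            this.engine.setUseClientMode(false);
            this.isClientModeSet = true;
        }
        addInToken(bArr);
        handshake();
        return getOutToken();
    }

    /**
     * Protects a slice of application data.
     *
     * @param bArr array holding the plaintext
     * @param i offset of the first byte to protect
     * @param i2 number of bytes to protect
     * @return the protected bytes for the peer, or {@code null} if none were produced
     * @throws IOException if the engine is closed or wrapping fails
     * @throws IllegalStateException if the context is not yet established
     */
    @Override // org.dcache.dss.DssContext
    public byte[] wrap(byte[] bArr, int i, int i2) throws IOException {
        Preconditions.checkState(isEstablished());
        wrap(ByteBuffer.wrap(bArr, i, i2));
        return getOutToken();
    }

    /**
     * Unprotects data received from the peer, consuming as many complete records as the
     * pending inbound bytes contain.
     *
     * @param bArr protected bytes from the peer; the array is retained, not copied
     * @return the recovered plaintext, or {@code null} if no plaintext is available yet
     * @throws IOException if the engine is closed or unwrapping fails
     * @throws IllegalStateException if the context is not yet established
     */
    @Override // org.dcache.dss.DssContext
    public byte[] unwrap(byte[] bArr) throws IOException {
        Preconditions.checkState(isEstablished());
        addInToken(bArr);
        do {
            if (!unwrap()) {
                break;
            }
        } while (this.inToken.hasRemaining());
        return getData();
    }

    /** Reports whether the handshake finished and the peer's certificate chain was captured. */
    @Override // org.dcache.dss.DssContext
    public boolean isEstablished() {
        return this.subject != null;
    }

    /** Returns the peer's subject, or {@code null} while the context is not established. */
    @Override // org.dcache.dss.DssContext
    public Subject getSubject() {
        return this.subject;
    }

    /**
     * Returns the name of the peer principal recorded in the engine's session.
     *
     * @return the principal name, or {@code null} if the peer's identity is not verified;
     *     callers must treat {@code null} as "no authenticated peer"
     */
    @Override // org.dcache.dss.DssContext
    public String getPeerName() {
        try {
            return this.engine.getSession().getPeerPrincipal().getName();
        } catch (SSLPeerUnverifiedException e) {
            return null;
        }
    }

    /** Exposes the engine's current session. */
    public SSLSession getSSLSession() {
        return this.engine.getSession();
    }

    /**
     * Builds the subject for the peer: no principals, no private credentials, and a single
     * public credential holding the peer's certificate path. The subject is not read-only.
     *
     * @throws IOException if the peer presented no verified certificates or the certificates
     *     cannot be turned into a cert path
     */
    private Subject createSubject() throws IOException {
        try {
            return new Subject(
                    false,
                    Collections.emptySet(),
                    Collections.singleton(
                            this.cf.generateCertPath(
                                    Arrays.asList(this.engine.getSession().getPeerCertificates()))),
                    Collections.emptySet());
        } catch (CertificateException e) {
            throw new IOException("Certificate failure: " + e.getMessage(), e);
        } catch (SSLPeerUnverifiedException e2) {
            throw new IOException("Failed to establish identity of SSL peer: " + e2.getMessage(), e2);
        }
    }
}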
