package org.dcache.oncrpc4j.grizzly;

import com.google.common.annotations.Beta;
import java.io.IOException;
import org.dcache.oncrpc4j.rpc.RpcAuthError;
import org.dcache.oncrpc4j.rpc.RpcAuthException;
import org.glassfish.grizzly.Connection;
import org.glassfish.grizzly.EmptyCompletionHandler;
import org.glassfish.grizzly.filterchain.BaseFilter;
import org.glassfish.grizzly.filterchain.FilterChain;
import org.glassfish.grizzly.filterchain.FilterChainBuilder;
import org.glassfish.grizzly.filterchain.FilterChainContext;
import org.glassfish.grizzly.filterchain.NextAction;
import org.glassfish.grizzly.ssl.SSLFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Beta
/* loaded from: input_file:org/dcache/oncrpc4j/grizzly/StartTlsFilter.class */
public class StartTlsFilter extends BaseFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) StartTlsFilter.class);
    private final SSLFilter sslFilter;
    private final boolean isClient;
    private volatile boolean start;

    public StartTlsFilter(SSLFilter sSLFilter, boolean z) {
        this.sslFilter = sSLFilter;
        this.isClient = z;
    }

    @Override // org.glassfish.grizzly.filterchain.BaseFilter, org.glassfish.grizzly.filterchain.Filter
    public NextAction handleWrite(FilterChainContext filterChainContext) throws IOException {
        NextAction handleWrite = super.handleWrite(filterChainContext);
        if (this.start) {
            enableSSLFilter(filterChainContext.getConnection());
        }
        return handleWrite;
    }

    public void startTLS(Connection connection) throws RpcAuthException {
        this.start = true;
        if (this.isClient) {
            enableSSLFilter(connection);
            try {
                this.sslFilter.handshake(connection, new EmptyCompletionHandler());
            } catch (IOException e) {
                LOGGER.error("Failed to perform TLS handshake: {}", e.getMessage());
                throw new RpcAuthException("Failed to perform TLS handshake", new RpcAuthError(7));
            }
        }
    }

    private void enableSSLFilter(Connection connection) {
        connection.setProcessor(FilterChainBuilder.stateless().addAll((FilterChain) connection.getProcessor()).remove(this).add(1, this.sslFilter).build());
    }
}
