package org.apache.tomcat.util.net.openssl;

import java.nio.ByteBuffer;
import java.nio.ReadOnlyBufferException;
import java.security.Principal;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionBindingEvent;
import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSessionContext;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.jni.Buffer;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;
import org.apache.tomcat.util.buf.ByteBufferUtils;
import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser;
import org.apache.tomcat.util.res.StringManager;

/*  JADX ERROR: NullPointerException in pass: ClassModifier
    java.lang.NullPointerException: Cannot invoke "java.util.List.forEach(java.util.function.Consumer)" because "blocks" is null
    	at jadx.core.utils.BlockUtils.collectAllInsns(BlockUtils.java:1017)
    	at jadx.core.dex.visitors.ClassModifier.removeBridgeMethod(ClassModifier.java:239)
    	at jadx.core.dex.visitors.ClassModifier.removeSyntheticMethods(ClassModifier.java:154)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.ClassModifier.visit(ClassModifier.java:64)
    	at jadx.core.dex.visitors.ClassModifier.visit(ClassModifier.java:57)
    */
/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.16.jar:org/apache/tomcat/util/net/openssl/OpenSSLEngine.class */
public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolInfo {
    private static final Log logger = LogFactory.getLog((Class<?>) OpenSSLEngine.class);
    private static final StringManager sm = StringManager.getManager((Class<?>) OpenSSLEngine.class);
    private static final Certificate[] EMPTY_CERTIFICATES = new Certificate[0];
    public static final Set<String> AVAILABLE_CIPHER_SUITES;
    public static final Set<String> IMPLEMENTED_PROTOCOLS_SET;
    private static final int MAX_PLAINTEXT_LENGTH = 16384;
    private static final int MAX_COMPRESSED_LENGTH = 17408;
    private static final int MAX_CIPHERTEXT_LENGTH = 18432;
    static final int VERIFY_DEPTH = 10;
    static final int MAX_ENCRYPTED_PACKET_LENGTH = 18713;
    static final int MAX_ENCRYPTION_OVERHEAD_LENGTH = 2329;
    private static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
    private static final long EMPTY_ADDR;
    private long ssl;
    private long networkBIO;
    private Accepted accepted;
    private boolean handshakeFinished;
    private int currentHandshake;
    private boolean receivedShutdown;
    private volatile boolean destroyed;
    private volatile String version;
    private volatile String cipher;
    private volatile String applicationProtocol;
    private volatile Certificate[] peerCerts;

    @Deprecated
    private volatile X509Certificate[] x509PeerCerts;
    private volatile ClientAuthMode clientAuth;
    private boolean isInboundDone;
    private boolean isOutboundDone;
    private boolean engineClosed;
    private boolean sendHandshakeError;
    private final boolean clientMode;
    private final String fallbackApplicationProtocol;
    private final OpenSSLSessionContext sessionContext;
    private final boolean alpn;
    private final boolean initialized;
    private String selectedProtocol;
    private final OpenSSLSession session;

    /* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.16.jar:org/apache/tomcat/util/net/openssl/OpenSSLEngine$Accepted.class */
    public enum Accepted {
        NOT,
        IMPLICIT,
        EXPLICIT
    }

    /* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.16.jar:org/apache/tomcat/util/net/openssl/OpenSSLEngine$ClientAuthMode.class */
    public enum ClientAuthMode {
        NONE,
        OPTIONAL,
        REQUIRE
    }

    /* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.16.jar:org/apache/tomcat/util/net/openssl/OpenSSLEngine$OpenSSLSession.class */
    public class OpenSSLSession implements SSLSession {
        private Map<String, Object> values;
        private long lastAccessedTime;

        private OpenSSLSession() {
            this.lastAccessedTime = -1L;
        }

        @Override // javax.net.ssl.SSLSession
        public byte[] getId() {
            byte[] bArr = null;
            synchronized (OpenSSLEngine.this) {
                if (!OpenSSLEngine.this.destroyed) {
                    bArr = SSL.getSessionId(OpenSSLEngine.this.ssl);
                }
            }
            return bArr;
        }

        @Override // javax.net.ssl.SSLSession
        public SSLSessionContext getSessionContext() {
            return OpenSSLEngine.this.sessionContext;
        }

        @Override // javax.net.ssl.SSLSession
        public long getCreationTime() {
            long j = 0;
            synchronized (OpenSSLEngine.this) {
                if (!OpenSSLEngine.this.destroyed) {
                    j = SSL.getTime(OpenSSLEngine.this.ssl);
                }
            }
            return j * 1000;
        }

        @Override // javax.net.ssl.SSLSession
        public long getLastAccessedTime() {
            return this.lastAccessedTime > 0 ? this.lastAccessedTime : getCreationTime();
        }

        @Override // javax.net.ssl.SSLSession
        public void invalidate() {
        }

        @Override // javax.net.ssl.SSLSession
        public boolean isValid() {
            return false;
        }

        @Override // javax.net.ssl.SSLSession
        public void putValue(String str, Object obj) {
            if (str == null) {
                throw new IllegalArgumentException(OpenSSLEngine.sm.getString("engine.nullName"));
            }
            if (obj == null) {
                throw new IllegalArgumentException(OpenSSLEngine.sm.getString("engine.nullValue"));
            }
            Map<String, Object> map = this.values;
            if (map == null) {
                HashMap hashMap = new HashMap(2);
                this.values = hashMap;
                map = hashMap;
            }
            Object put = map.put(str, obj);
            if (obj instanceof SSLSessionBindingListener) {
                ((SSLSessionBindingListener) obj).valueBound(new SSLSessionBindingEvent(this, str));
            }
            notifyUnbound(put, str);
        }

        @Override // javax.net.ssl.SSLSession
        public Object getValue(String str) {
            if (str == null) {
                throw new IllegalArgumentException(OpenSSLEngine.sm.getString("engine.nullName"));
            }
            if (this.values == null) {
                return null;
            }
            return this.values.get(str);
        }

        @Override // javax.net.ssl.SSLSession
        public void removeValue(String str) {
            if (str == null) {
                throw new IllegalArgumentException(OpenSSLEngine.sm.getString("engine.nullName"));
            }
            Map<String, Object> map = this.values;
            if (map == null) {
                return;
            }
            notifyUnbound(map.remove(str), str);
        }

        @Override // javax.net.ssl.SSLSession
        public String[] getValueNames() {
            Map<String, Object> map = this.values;
            return (map == null || map.isEmpty()) ? new String[0] : (String[]) map.keySet().toArray(new String[map.size()]);
        }

        private void notifyUnbound(Object obj, String str) {
            if (obj instanceof SSLSessionBindingListener) {
                ((SSLSessionBindingListener) obj).valueUnbound(new SSLSessionBindingEvent(this, str));
            }
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
            byte[][] peerCertChain;
            byte[] peerCertificate;
            Certificate[] certificateArr;
            Certificate[] certificateArr2 = OpenSSLEngine.this.peerCerts;
            if (certificateArr2 == null) {
                synchronized (OpenSSLEngine.this) {
                    if (OpenSSLEngine.this.destroyed || SSL.isInInit(OpenSSLEngine.this.ssl) != 0) {
                        throw new SSLPeerUnverifiedException(OpenSSLEngine.sm.getString("engine.unverifiedPeer"));
                    }
                    peerCertChain = SSL.getPeerCertChain(OpenSSLEngine.this.ssl);
                    peerCertificate = !OpenSSLEngine.this.clientMode ? SSL.getPeerCertificate(OpenSSLEngine.this.ssl) : null;
                }
                if (peerCertChain == null && peerCertificate == null) {
                    return null;
                }
                int i = 0;
                if (peerCertChain != null) {
                    i = 0 + peerCertChain.length;
                }
                int i2 = 0;
                if (peerCertificate != null) {
                    certificateArr = new Certificate[i + 1];
                    i2 = 0 + 1;
                    certificateArr[0] = new OpenSSLX509Certificate(peerCertificate);
                } else {
                    certificateArr = new Certificate[i];
                }
                if (peerCertChain != null) {
                    int i3 = 0;
                    while (i2 < certificateArr.length) {
                        int i4 = i3;
                        i3++;
                        certificateArr[i2] = new OpenSSLX509Certificate(peerCertChain[i4]);
                        i2++;
                    }
                }
                certificateArr2 = OpenSSLEngine.this.peerCerts = certificateArr;
            }
            return certificateArr2;
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getLocalCertificates() {
            return OpenSSLEngine.EMPTY_CERTIFICATES;
        }

        @Override // javax.net.ssl.SSLSession
        @Deprecated
        public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
            byte[][] peerCertChain;
            X509Certificate[] x509CertificateArr = OpenSSLEngine.this.x509PeerCerts;
            if (x509CertificateArr == null) {
                synchronized (OpenSSLEngine.this) {
                    if (OpenSSLEngine.this.destroyed || SSL.isInInit(OpenSSLEngine.this.ssl) != 0) {
                        throw new SSLPeerUnverifiedException(OpenSSLEngine.sm.getString("engine.unverifiedPeer"));
                    }
                    peerCertChain = SSL.getPeerCertChain(OpenSSLEngine.this.ssl);
                }
                if (peerCertChain == null) {
                    throw new SSLPeerUnverifiedException(OpenSSLEngine.sm.getString("engine.unverifiedPeer"));
                }
                X509Certificate[] x509CertificateArr2 = new X509Certificate[peerCertChain.length];
                for (int i = 0; i < x509CertificateArr2.length; i++) {
                    try {
                        x509CertificateArr2[i] = X509Certificate.getInstance(peerCertChain[i]);
                    } catch (CertificateException e) {
                        throw new IllegalStateException(e);
                    }
                }
                x509CertificateArr = OpenSSLEngine.this.x509PeerCerts = x509CertificateArr2;
            }
            return x509CertificateArr;
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
            Certificate[] peerCertificates = getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length == 0) {
                return null;
            }
            return principal(peerCertificates);
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getLocalPrincipal() {
            Certificate[] localCertificates = getLocalCertificates();
            if (localCertificates == null || localCertificates.length == 0) {
                return null;
            }
            return principal(localCertificates);
        }

        private Principal principal(Certificate[] certificateArr) {
            return ((java.security.cert.X509Certificate) certificateArr[0]).getIssuerX500Principal();
        }

        @Override // javax.net.ssl.SSLSession
        public String getCipherSuite() {
            if (OpenSSLEngine.this.cipher == null) {
                synchronized (OpenSSLEngine.this) {
                    if (!OpenSSLEngine.this.handshakeFinished) {
                        return OpenSSLEngine.INVALID_CIPHER;
                    }
                    if (OpenSSLEngine.this.destroyed) {
                        return OpenSSLEngine.INVALID_CIPHER;
                    }
                    String openSSLToJsse = OpenSSLCipherConfigurationParser.openSSLToJsse(SSL.getCipherForSSL(OpenSSLEngine.this.ssl));
                    if (openSSLToJsse != null) {
                        OpenSSLEngine.this.cipher = openSSLToJsse;
                    }
                }
            }
            return OpenSSLEngine.this.cipher;
        }

        @Override // javax.net.ssl.SSLSession
        public String getProtocol() {
            String str = OpenSSLEngine.this.applicationProtocol;
            if (str == null) {
                synchronized (OpenSSLEngine.this) {
                    if (!OpenSSLEngine.this.destroyed) {
                        str = SSL.getNextProtoNegotiated(OpenSSLEngine.this.ssl);
                    }
                }
                if (str == null) {
                    str = OpenSSLEngine.this.fallbackApplicationProtocol;
                }
                if (str != null) {
                    OpenSSLEngine.this.applicationProtocol = str.replace(':', '_');
                } else {
                    str = "";
                    OpenSSLEngine.this.applicationProtocol = "";
                }
            }
            String str2 = null;
            synchronized (OpenSSLEngine.this) {
                if (!OpenSSLEngine.this.destroyed) {
                    str2 = SSL.getVersion(OpenSSLEngine.this.ssl);
                }
            }
            return str.isEmpty() ? str2 : str2 + ':' + str;
        }

        @Override // javax.net.ssl.SSLSession
        public String getPeerHost() {
            return null;
        }

        @Override // javax.net.ssl.SSLSession
        public int getPeerPort() {
            return 0;
        }

        @Override // javax.net.ssl.SSLSession
        public int getPacketBufferSize() {
            return OpenSSLEngine.MAX_ENCRYPTED_PACKET_LENGTH;
        }

        @Override // javax.net.ssl.SSLSession
        public int getApplicationBufferSize() {
            return 16384;
        }

        /* synthetic */ OpenSSLSession(OpenSSLEngine openSSLEngine, AnonymousClass1 anonymousClass1) {
            this();
        }

        /*  JADX ERROR: Failed to decode insn: 0x0002: MOVE_MULTI, method: org.apache.tomcat.util.net.openssl.OpenSSLEngine.OpenSSLSession.access$102(org.apache.tomcat.util.net.openssl.OpenSSLEngine$OpenSSLSession, long):long
            java.lang.ArrayIndexOutOfBoundsException: arraycopy: source index -1 out of bounds for object array[6]
            	at java.base/java.lang.System.arraycopy(Native Method)
            	at jadx.plugins.input.java.data.code.StackState.insert(StackState.java:49)
            	at jadx.plugins.input.java.data.code.CodeDecodeState.insert(CodeDecodeState.java:118)
            	at jadx.plugins.input.java.data.code.JavaInsnsRegister.dup2x1(JavaInsnsRegister.java:313)
            	at jadx.plugins.input.java.data.code.JavaInsnData.decode(JavaInsnData.java:46)
            	at jadx.core.dex.instructions.InsnDecoder.lambda$process$0(InsnDecoder.java:54)
            	at jadx.plugins.input.java.data.code.JavaCodeReader.visitInstructions(JavaCodeReader.java:81)
            	at jadx.core.dex.instructions.InsnDecoder.process(InsnDecoder.java:50)
            	at jadx.core.dex.nodes.MethodNode.load(MethodNode.java:156)
            	at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:443)
            	at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:449)
            	at jadx.core.ProcessClass.process(ProcessClass.java:70)
            	at jadx.core.ProcessClass.generateCode(ProcessClass.java:118)
            	at jadx.core.dex.nodes.ClassNode.generateClassCode(ClassNode.java:400)
            	at jadx.core.dex.nodes.ClassNode.decompile(ClassNode.java:388)
            	at jadx.core.dex.nodes.ClassNode.getCode(ClassNode.java:338)
            */
        static /* synthetic */ long access$102(org.apache.tomcat.util.net.openssl.OpenSSLEngine.OpenSSLSession r6, long r7) {
            /*
                r0 = r6
                r1 = r7
                // decode failed: arraycopy: source index -1 out of bounds for object array[6]
                r0.lastAccessedTime = r1
                return r-1
            */
            throw new UnsupportedOperationException("Method not decompiled: org.apache.tomcat.util.net.openssl.OpenSSLEngine.OpenSSLSession.access$102(org.apache.tomcat.util.net.openssl.OpenSSLEngine$OpenSSLSession, long):long");
        }
    }

    OpenSSLEngine(long j, String str, boolean z, OpenSSLSessionContext openSSLSessionContext, boolean z2) {
        this(j, str, z, openSSLSessionContext, z2, false);
    }

    public OpenSSLEngine(long j, String str, boolean z, OpenSSLSessionContext openSSLSessionContext, boolean z2, boolean z3) {
        this.accepted = Accepted.NOT;
        this.clientAuth = ClientAuthMode.NONE;
        this.sendHandshakeError = false;
        this.selectedProtocol = null;
        if (j == 0) {
            throw new IllegalArgumentException(sm.getString("engine.noSSLContext"));
        }
        this.session = new OpenSSLSession();
        this.destroyed = true;
        this.ssl = SSL.newSSL(j, !z);
        this.networkBIO = SSL.makeNetworkBIO(this.ssl);
        this.destroyed = false;
        this.fallbackApplicationProtocol = str;
        this.clientMode = z;
        this.sessionContext = openSSLSessionContext;
        this.alpn = z2;
        this.initialized = z3;
    }

    @Override // org.apache.tomcat.util.net.SSLUtil.ProtocolInfo
    public String getNegotiatedProtocol() {
        return this.selectedProtocol;
    }

    public synchronized void shutdown() {
        if (this.destroyed) {
            return;
        }
        this.destroyed = true;
        SSL.freeBIO(this.networkBIO);
        SSL.freeSSL(this.ssl);
        this.networkBIO = 0L;
        this.ssl = 0L;
        this.engineClosed = true;
        this.isOutboundDone = true;
        this.isInboundDone = true;
    }

    private static int writePlaintextData(long j, ByteBuffer byteBuffer) {
        int writeToSSL;
        int position = byteBuffer.position();
        int limit = byteBuffer.limit();
        int min = Math.min(limit - position, 16384);
        if (byteBuffer.isDirect()) {
            writeToSSL = SSL.writeToSSL(j, Buffer.address(byteBuffer) + position, min);
            if (writeToSSL >= 0) {
                byteBuffer.position(position + writeToSSL);
                return writeToSSL;
            }
        } else {
            ByteBuffer allocateDirect = ByteBuffer.allocateDirect(min);
            try {
                long memoryAddress = memoryAddress(allocateDirect);
                byteBuffer.limit(position + min);
                allocateDirect.put(byteBuffer);
                byteBuffer.limit(limit);
                writeToSSL = SSL.writeToSSL(j, memoryAddress, min);
                if (writeToSSL >= 0) {
                    byteBuffer.position(position + writeToSSL);
                    allocateDirect.clear();
                    ByteBufferUtils.cleanDirectBuffer(allocateDirect);
                    return writeToSSL;
                }
                byteBuffer.position(position);
                allocateDirect.clear();
                ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            } catch (Throwable th) {
                allocateDirect.clear();
                ByteBufferUtils.cleanDirectBuffer(allocateDirect);
                throw th;
            }
        }
        throw new IllegalStateException(sm.getString("engine.writeToSSLFailed", Integer.toString(writeToSSL)));
    }

    private static int writeEncryptedData(long j, ByteBuffer byteBuffer) {
        int position = byteBuffer.position();
        int remaining = byteBuffer.remaining();
        if (byteBuffer.isDirect()) {
            int writeToBIO = SSL.writeToBIO(j, Buffer.address(byteBuffer) + position, remaining);
            if (writeToBIO < 0) {
                return -1;
            }
            byteBuffer.position(position + writeToBIO);
            return writeToBIO;
        }
        ByteBuffer allocateDirect = ByteBuffer.allocateDirect(remaining);
        try {
            long memoryAddress = memoryAddress(allocateDirect);
            allocateDirect.put(byteBuffer);
            int writeToBIO2 = SSL.writeToBIO(j, memoryAddress, remaining);
            if (writeToBIO2 >= 0) {
                byteBuffer.position(position + writeToBIO2);
                allocateDirect.clear();
                ByteBufferUtils.cleanDirectBuffer(allocateDirect);
                return writeToBIO2;
            }
            byteBuffer.position(position);
            allocateDirect.clear();
            ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            return -1;
        } catch (Throwable th) {
            allocateDirect.clear();
            ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            throw th;
        }
    }

    private static int readPlaintextData(long j, ByteBuffer byteBuffer) {
        if (byteBuffer.isDirect()) {
            int position = byteBuffer.position();
            int readFromSSL = SSL.readFromSSL(j, Buffer.address(byteBuffer) + position, byteBuffer.limit() - position);
            if (readFromSSL <= 0) {
                return 0;
            }
            byteBuffer.position(position + readFromSSL);
            return readFromSSL;
        }
        int position2 = byteBuffer.position();
        int limit = byteBuffer.limit();
        int min = Math.min(MAX_ENCRYPTED_PACKET_LENGTH, limit - position2);
        ByteBuffer allocateDirect = ByteBuffer.allocateDirect(min);
        try {
            int readFromSSL2 = SSL.readFromSSL(j, memoryAddress(allocateDirect), min);
            if (readFromSSL2 <= 0) {
                allocateDirect.clear();
                ByteBufferUtils.cleanDirectBuffer(allocateDirect);
                return 0;
            }
            allocateDirect.limit(readFromSSL2);
            byteBuffer.limit(position2 + readFromSSL2);
            byteBuffer.put(allocateDirect);
            byteBuffer.limit(limit);
            allocateDirect.clear();
            ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            return readFromSSL2;
        } catch (Throwable th) {
            allocateDirect.clear();
            ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            throw th;
        }
    }

    private static int readEncryptedData(long j, ByteBuffer byteBuffer, int i) {
        if (byteBuffer.isDirect() && byteBuffer.remaining() >= i) {
            int position = byteBuffer.position();
            int readFromBIO = SSL.readFromBIO(j, Buffer.address(byteBuffer) + position, i);
            if (readFromBIO <= 0) {
                return 0;
            }
            byteBuffer.position(position + readFromBIO);
            return readFromBIO;
        }
        ByteBuffer allocateDirect = ByteBuffer.allocateDirect(i);
        try {
            int readFromBIO2 = SSL.readFromBIO(j, memoryAddress(allocateDirect), i);
            if (readFromBIO2 <= 0) {
                allocateDirect.clear();
                ByteBufferUtils.cleanDirectBuffer(allocateDirect);
                return 0;
            }
            allocateDirect.limit(readFromBIO2);
            int limit = byteBuffer.limit();
            byteBuffer.limit(byteBuffer.position() + readFromBIO2);
            byteBuffer.put(allocateDirect);
            byteBuffer.limit(limit);
            allocateDirect.clear();
            ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            return readFromBIO2;
        } catch (Throwable th) {
            allocateDirect.clear();
            ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            throw th;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) throws SSLException {
        if (this.destroyed) {
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, 0, 0);
        }
        if (byteBufferArr == null || byteBuffer == null) {
            throw new IllegalArgumentException(sm.getString("engine.nullBuffer"));
        }
        if (i >= byteBufferArr.length || i + i2 > byteBufferArr.length) {
            throw new IndexOutOfBoundsException(sm.getString("engine.invalidBufferArray", Integer.toString(i), Integer.toString(i2), Integer.toString(byteBufferArr.length)));
        }
        if (byteBuffer.isReadOnly()) {
            throw new ReadOnlyBufferException();
        }
        if (this.accepted == Accepted.NOT) {
            beginHandshakeImplicitly();
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = getHandshakeStatus();
        if ((!this.handshakeFinished || this.engineClosed) && handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
            return new SSLEngineResult(getEngineStatus(), SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
        }
        int pendingWrittenBytesInBIO = SSL.pendingWrittenBytesInBIO(this.networkBIO);
        if (pendingWrittenBytesInBIO > 0) {
            if (byteBuffer.remaining() < pendingWrittenBytesInBIO) {
                return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, handshakeStatus, 0, 0);
            }
            try {
                int readEncryptedData = readEncryptedData(this.networkBIO, byteBuffer, pendingWrittenBytesInBIO);
                if (this.isOutboundDone) {
                    shutdown();
                }
                return new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), 0, readEncryptedData);
            } catch (Exception e) {
                throw new SSLException(e);
            }
        }
        int i3 = 0;
        int i4 = i + i2;
        for (int i5 = i; i5 < i4; i5++) {
            ByteBuffer byteBuffer2 = byteBufferArr[i5];
            if (byteBuffer2 == null) {
                throw new IllegalArgumentException(sm.getString("engine.nullBufferInArray"));
            }
            while (byteBuffer2.hasRemaining()) {
                try {
                    i3 += writePlaintextData(this.ssl, byteBuffer2);
                    int pendingWrittenBytesInBIO2 = SSL.pendingWrittenBytesInBIO(this.networkBIO);
                    if (pendingWrittenBytesInBIO2 > 0) {
                        if (byteBuffer.remaining() < pendingWrittenBytesInBIO2) {
                            return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, getHandshakeStatus(), i3, 0);
                        }
                        try {
                            return new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), i3, 0 + readEncryptedData(this.networkBIO, byteBuffer, pendingWrittenBytesInBIO2));
                        } catch (Exception e2) {
                            throw new SSLException(e2);
                        }
                    }
                } catch (Exception e3) {
                    throw new SSLException(e3);
                }
            }
        }
        return new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), i3, 0);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws SSLException {
        if (this.destroyed) {
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, 0, 0);
        }
        if (byteBuffer == null || byteBufferArr == null) {
            throw new IllegalArgumentException(sm.getString("engine.nullBuffer"));
        }
        if (i >= byteBufferArr.length || i + i2 > byteBufferArr.length) {
            throw new IndexOutOfBoundsException(sm.getString("engine.invalidBufferArray", Integer.toString(i), Integer.toString(i2), Integer.toString(byteBufferArr.length)));
        }
        int i3 = 0;
        int i4 = i + i2;
        for (int i5 = i; i5 < i4; i5++) {
            ByteBuffer byteBuffer2 = byteBufferArr[i5];
            if (byteBuffer2 == null) {
                throw new IllegalArgumentException(sm.getString("engine.nullBufferInArray"));
            }
            if (byteBuffer2.isReadOnly()) {
                throw new ReadOnlyBufferException();
            }
            i3 += byteBuffer2.remaining();
        }
        if (this.accepted == Accepted.NOT) {
            beginHandshakeImplicitly();
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = getHandshakeStatus();
        if ((!this.handshakeFinished || this.engineClosed) && handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
            return new SSLEngineResult(getEngineStatus(), SSLEngineResult.HandshakeStatus.NEED_WRAP, 0, 0);
        }
        if (byteBuffer.remaining() > MAX_ENCRYPTED_PACKET_LENGTH) {
            this.isInboundDone = true;
            this.isOutboundDone = true;
            this.engineClosed = true;
            shutdown();
            throw new SSLException(sm.getString("engine.oversizedPacket"));
        }
        try {
            int writeEncryptedData = writeEncryptedData(this.networkBIO, byteBuffer);
            if (writeEncryptedData < 0) {
                writeEncryptedData = 0;
            }
            int pendingReadableBytesInSSL = pendingReadableBytesInSSL();
            if (!this.handshakeFinished) {
                pendingReadableBytesInSSL = 0;
            }
            int i6 = 0;
            int i7 = i;
            if (i3 < pendingReadableBytesInSSL) {
                return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, getHandshakeStatus(), writeEncryptedData, 0);
            }
            while (pendingReadableBytesInSSL > 0) {
                while (i7 < i4) {
                    ByteBuffer byteBuffer3 = byteBufferArr[i7];
                    if (!byteBuffer3.hasRemaining()) {
                        i7++;
                    } else {
                        if (pendingReadableBytesInSSL <= 0) {
                            break;
                        }
                        try {
                            int readPlaintextData = readPlaintextData(this.ssl, byteBuffer3);
                            if (readPlaintextData == 0) {
                                break;
                            }
                            i6 += readPlaintextData;
                            pendingReadableBytesInSSL -= readPlaintextData;
                            i3 -= readPlaintextData;
                            if (!byteBuffer3.hasRemaining()) {
                                i7++;
                            }
                        } catch (Exception e) {
                            throw new SSLException(e);
                        }
                    }
                }
                if (i3 == 0) {
                    break;
                }
                if (pendingReadableBytesInSSL == 0) {
                    pendingReadableBytesInSSL = pendingReadableBytesInSSL();
                }
            }
            if (!this.receivedShutdown && (SSL.getShutdown(this.ssl) & 2) == 2) {
                this.receivedShutdown = true;
                closeOutbound();
                closeInbound();
            }
            return (i6 != 0 || (writeEncryptedData != 0 && (writeEncryptedData <= 0 || byteBuffer.hasRemaining() || !this.handshakeFinished))) ? new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), writeEncryptedData, i6) : new SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, getHandshakeStatus(), writeEncryptedData, 0);
        } catch (Exception e2) {
            throw new SSLException(e2);
        }
    }

    private int pendingReadableBytesInSSL() throws SSLException {
        clearLastError();
        int readFromSSL = SSL.readFromSSL(this.ssl, EMPTY_ADDR, 0);
        if (readFromSSL <= 0) {
            checkLastError();
        }
        int pendingReadableBytesInSSL = SSL.pendingReadableBytesInSSL(this.ssl);
        if (Constants.SSL_PROTO_TLSv1.equals(this.version) && readFromSSL == 0 && pendingReadableBytesInSSL == 0) {
            if (SSL.readFromSSL(this.ssl, EMPTY_ADDR, 0) <= 0) {
                checkLastError();
            }
            pendingReadableBytesInSSL = SSL.pendingReadableBytesInSSL(this.ssl);
        }
        return pendingReadableBytesInSSL;
    }

    @Override // javax.net.ssl.SSLEngine
    public Runnable getDelegatedTask() {
        return null;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeInbound() throws SSLException {
        if (this.isInboundDone) {
            return;
        }
        this.isInboundDone = true;
        this.engineClosed = true;
        shutdown();
        if (this.accepted != Accepted.NOT && !this.receivedShutdown) {
            throw new SSLException(sm.getString("engine.inboundClose"));
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isInboundDone() {
        return this.isInboundDone || this.engineClosed;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeOutbound() {
        if (this.isOutboundDone) {
            return;
        }
        this.isOutboundDone = true;
        this.engineClosed = true;
        if (this.accepted == Accepted.NOT || this.destroyed) {
            shutdown();
        } else if ((SSL.getShutdown(this.ssl) & 1) != 1) {
            SSL.shutdownSSL(this.ssl);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isOutboundDone() {
        return this.isOutboundDone;
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedCipherSuites() {
        Set<String> set = AVAILABLE_CIPHER_SUITES;
        return (String[]) set.toArray(new String[set.size()]);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String[] getEnabledCipherSuites() {
        if (this.destroyed) {
            return new String[0];
        }
        String[] ciphers = SSL.getCiphers(this.ssl);
        if (ciphers == null) {
            return new String[0];
        }
        for (int i = 0; i < ciphers.length; i++) {
            String openSSLToJsse = OpenSSLCipherConfigurationParser.openSSLToJsse(ciphers[i]);
            if (openSSLToJsse != null) {
                ciphers[i] = openSSLToJsse;
            }
        }
        return ciphers;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setEnabledCipherSuites(String[] strArr) {
        if (this.initialized) {
            return;
        }
        if (strArr == null) {
            throw new IllegalArgumentException(sm.getString("engine.nullCipherSuite"));
        }
        if (this.destroyed) {
            return;
        }
        StringBuilder sb = new StringBuilder();
        for (String str : strArr) {
            if (str == null) {
                break;
            }
            String jsseToOpenSSL = OpenSSLCipherConfigurationParser.jsseToOpenSSL(str);
            if (!AVAILABLE_CIPHER_SUITES.contains(str)) {
                logger.debug(sm.getString("engine.unsupportedCipher", str, jsseToOpenSSL));
            }
            if (jsseToOpenSSL != null) {
                str = jsseToOpenSSL;
            }
            sb.append(str);
            sb.append(':');
        }
        if (sb.length() == 0) {
            throw new IllegalArgumentException(sm.getString("engine.emptyCipherSuite"));
        }
        sb.setLength(sb.length() - 1);
        String sb2 = sb.toString();
        try {
            SSL.setCipherSuites(this.ssl, sb2);
        } catch (Exception e) {
            throw new IllegalStateException(sm.getString("engine.failedCipherSuite", sb2), e);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedProtocols() {
        return (String[]) IMPLEMENTED_PROTOCOLS_SET.toArray(new String[IMPLEMENTED_PROTOCOLS_SET.size()]);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String[] getEnabledProtocols() {
        if (this.destroyed) {
            return new String[0];
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(Constants.SSL_PROTO_SSLv2Hello);
        int options = SSL.getOptions(this.ssl);
        if ((options & SSL.SSL_OP_NO_TLSv1) == 0) {
            arrayList.add(Constants.SSL_PROTO_TLSv1);
        }
        if ((options & 268435456) == 0) {
            arrayList.add(Constants.SSL_PROTO_TLSv1_1);
        }
        if ((options & 134217728) == 0) {
            arrayList.add(Constants.SSL_PROTO_TLSv1_2);
        }
        if ((options & 16777216) == 0) {
            arrayList.add(Constants.SSL_PROTO_SSLv2);
        }
        if ((options & 33554432) == 0) {
            arrayList.add(Constants.SSL_PROTO_SSLv3);
        }
        int size = arrayList.size();
        return size == 0 ? new String[0] : (String[]) arrayList.toArray(new String[size]);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setEnabledProtocols(String[] strArr) {
        if (this.initialized) {
            return;
        }
        if (strArr == null) {
            throw new IllegalArgumentException();
        }
        if (this.destroyed) {
            return;
        }
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        for (String str : strArr) {
            if (!IMPLEMENTED_PROTOCOLS_SET.contains(str)) {
                throw new IllegalArgumentException(sm.getString("engine.unsupportedProtocol", str));
            }
            if (str.equals(Constants.SSL_PROTO_SSLv2)) {
                z = true;
            } else if (str.equals(Constants.SSL_PROTO_SSLv3)) {
                z2 = true;
            } else if (str.equals(Constants.SSL_PROTO_TLSv1)) {
                z3 = true;
            } else if (str.equals(Constants.SSL_PROTO_TLSv1_1)) {
                z4 = true;
            } else if (str.equals(Constants.SSL_PROTO_TLSv1_2)) {
                z5 = true;
            }
        }
        SSL.setOptions(this.ssl, 4095);
        if (!z) {
            SSL.setOptions(this.ssl, 16777216);
        }
        if (!z2) {
            SSL.setOptions(this.ssl, 33554432);
        }
        if (!z3) {
            SSL.setOptions(this.ssl, SSL.SSL_OP_NO_TLSv1);
        }
        if (!z4) {
            SSL.setOptions(this.ssl, 268435456);
        }
        if (z5) {
            return;
        }
        SSL.setOptions(this.ssl, 134217728);
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getSession() {
        return this.session;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void beginHandshake() throws SSLException {
        if (this.engineClosed || this.destroyed) {
            throw new SSLException(sm.getString("engine.engineClosed"));
        }
        switch (this.accepted) {
            case NOT:
                handshake();
                this.accepted = Accepted.EXPLICIT;
                return;
            case IMPLICIT:
                this.accepted = Accepted.EXPLICIT;
                return;
            case EXPLICIT:
                renegotiate();
                return;
            default:
                return;
        }
    }

    private void beginHandshakeImplicitly() throws SSLException {
        handshake();
        this.accepted = Accepted.IMPLICIT;
    }

    private void handshake() throws SSLException {
        this.currentHandshake = SSL.getHandshakeCount(this.ssl);
        clearLastError();
        if (SSL.doHandshake(this.ssl) <= 0) {
            checkLastError();
            return;
        }
        if (this.alpn) {
            this.selectedProtocol = SSL.getAlpnSelected(this.ssl);
            if (this.selectedProtocol == null) {
                this.selectedProtocol = SSL.getNextProtoNegotiated(this.ssl);
            }
        }
        OpenSSLSession.access$102(this.session, System.currentTimeMillis());
        this.handshakeFinished = true;
    }

    private synchronized void renegotiate() throws SSLException {
        clearLastError();
        if ((SSL.getVersion(this.ssl).equals(Constants.SSL_PROTO_TLSv1_3) ? SSL.verifyClientPostHandshake(this.ssl) : SSL.renegotiate(this.ssl)) <= 0) {
            checkLastError();
        }
        this.handshakeFinished = false;
        this.peerCerts = null;
        this.x509PeerCerts = null;
        this.currentHandshake = SSL.getHandshakeCount(this.ssl);
        if (SSL.doHandshake(this.ssl) <= 0) {
            checkLastError();
        }
    }

    private void checkLastError() throws SSLException {
        long lastErrorNumber = SSL.getLastErrorNumber();
        if (lastErrorNumber != 0) {
            String errorString = SSL.getErrorString(lastErrorNumber);
            if (logger.isDebugEnabled()) {
                logger.debug(sm.getString("engine.openSSLError", Long.toString(lastErrorNumber), errorString));
            }
            if (this.handshakeFinished) {
                throw new SSLException(errorString);
            }
            this.sendHandshakeError = true;
        }
    }

    private void clearLastError() {
        SSL.getLastErrorNumber();
    }

    private static long memoryAddress(ByteBuffer byteBuffer) {
        return Buffer.address(byteBuffer);
    }

    private SSLEngineResult.Status getEngineStatus() {
        return this.engineClosed ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        if (this.accepted == Accepted.NOT || this.destroyed) {
            return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        }
        if (this.handshakeFinished) {
            return this.engineClosed ? SSL.pendingWrittenBytesInBIO(this.networkBIO) != 0 ? SSLEngineResult.HandshakeStatus.NEED_WRAP : SSLEngineResult.HandshakeStatus.NEED_UNWRAP : SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        }
        if (this.sendHandshakeError || SSL.pendingWrittenBytesInBIO(this.networkBIO) != 0) {
            if (this.sendHandshakeError) {
                this.sendHandshakeError = false;
                this.currentHandshake++;
            }
            return SSLEngineResult.HandshakeStatus.NEED_WRAP;
        }
        if (SSL.getHandshakeCount(this.ssl) == this.currentHandshake || SSL.renegotiatePending(this.ssl) != 0 || SSL.getPostHandshakeAuthInProgress(this.ssl) != 0) {
            return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
        }
        if (this.alpn) {
            this.selectedProtocol = SSL.getAlpnSelected(this.ssl);
            if (this.selectedProtocol == null) {
                this.selectedProtocol = SSL.getNextProtoNegotiated(this.ssl);
            }
        }
        OpenSSLSession.access$102(this.session, System.currentTimeMillis());
        this.version = SSL.getVersion(this.ssl);
        this.handshakeFinished = true;
        return SSLEngineResult.HandshakeStatus.FINISHED;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setUseClientMode(boolean z) {
        if (z != this.clientMode) {
            throw new UnsupportedOperationException();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getUseClientMode() {
        return this.clientMode;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setNeedClientAuth(boolean z) {
        setClientAuth(z ? ClientAuthMode.REQUIRE : ClientAuthMode.NONE);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getNeedClientAuth() {
        return this.clientAuth == ClientAuthMode.REQUIRE;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setWantClientAuth(boolean z) {
        setClientAuth(z ? ClientAuthMode.OPTIONAL : ClientAuthMode.NONE);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getWantClientAuth() {
        return this.clientAuth == ClientAuthMode.OPTIONAL;
    }

    private void setClientAuth(ClientAuthMode clientAuthMode) {
        if (this.clientMode) {
            return;
        }
        synchronized (this) {
            if (this.clientAuth == clientAuthMode) {
                return;
            }
            switch (clientAuthMode) {
                case NONE:
                    SSL.setVerify(this.ssl, 0, 10);
                    break;
                case REQUIRE:
                    SSL.setVerify(this.ssl, 2, 10);
                    break;
                case OPTIONAL:
                    SSL.setVerify(this.ssl, 1, 10);
                    break;
            }
            this.clientAuth = clientAuthMode;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnableSessionCreation(boolean z) {
        if (z) {
            throw new UnsupportedOperationException();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getEnableSessionCreation() {
        return false;
    }

    protected void finalize() throws Throwable {
        super.finalize();
        shutdown();
    }

    /* JADX WARN: Finally extract failed */
    static {
        long make;
        LinkedHashSet linkedHashSet = new LinkedHashSet(128);
        long create = Pool.create(0L);
        try {
            try {
                make = SSLContext.make(create, SSL.SSL_PROTOCOL_ALL, 1);
            } catch (Exception e) {
                logger.warn(sm.getString("engine.ciphersFailure"), e);
                Pool.destroy(create);
            }
            try {
                SSLContext.setOptions(make, 4095);
                SSLContext.setCipherSuite(make, "ALL");
                long newSSL = SSL.newSSL(make, true);
                try {
                    for (String str : SSL.getCiphers(newSSL)) {
                        if (str != null && str.length() != 0 && !linkedHashSet.contains(str)) {
                            linkedHashSet.add(OpenSSLCipherConfigurationParser.openSSLToJsse(str));
                        }
                    }
                    SSL.freeSSL(newSSL);
                    SSLContext.free(make);
                    Pool.destroy(create);
                    AVAILABLE_CIPHER_SUITES = Collections.unmodifiableSet(linkedHashSet);
                    HashSet hashSet = new HashSet();
                    hashSet.add(Constants.SSL_PROTO_SSLv2Hello);
                    hashSet.add(Constants.SSL_PROTO_SSLv2);
                    hashSet.add(Constants.SSL_PROTO_SSLv3);
                    hashSet.add(Constants.SSL_PROTO_TLSv1);
                    hashSet.add(Constants.SSL_PROTO_TLSv1_1);
                    hashSet.add(Constants.SSL_PROTO_TLSv1_2);
                    if (SSL.version() >= 269488143) {
                        hashSet.add(Constants.SSL_PROTO_TLSv1_3);
                    }
                    IMPLEMENTED_PROTOCOLS_SET = Collections.unmodifiableSet(hashSet);
                    EMPTY_ADDR = Buffer.address(ByteBuffer.allocate(0));
                } catch (Throwable th) {
                    SSL.freeSSL(newSSL);
                    throw th;
                }
            } catch (Throwable th2) {
                SSLContext.free(make);
                throw th2;
            }
        } catch (Throwable th3) {
            Pool.destroy(create);
            throw th3;
        }
    }
}
