package org.opends.server.extensions;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.ByteChannel;
import java.nio.channels.ClosedChannelException;
import java.security.cert.Certificate;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.SortedSet;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.opends.server.admin.std.meta.LDAPConnectionHandlerCfgDefn;
import org.opends.server.admin.std.server.LDAPConnectionHandlerCfg;
import org.opends.server.api.ClientConnection;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.tools.ToolConstants;
import org.opends.server.types.DebugLogLevel;

/* loaded from: input_file:org/opends/server/extensions/TLSByteChannel.class */
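/**
 * Server-side TLS layer over an existing {@link ByteChannel}, driven by an {@link SSLEngine}.
 *
 * <p>This listing is decompiler output. The body of {@link #read(ByteBuffer)} was not recovered
 * and is a placeholder that always throws, so the inbound data path is not reviewable from here.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>{@link #isSecure()} returns {@code true} unconditionally; the negotiated strength is only
 *       visible through {@link #getSSF()}.</li>
 *   <li>{@link #getSSF()} reports 0 for any cipher suite whose name matches no key of the strength
 *       table.</li>
 *   <li>When the configuration lists no protocols or cipher suites, the engine keeps whatever
 *       defaults the supplied {@link SSLContext} gives it.</li>
 * </ul>
 */
public class TLSByteChannel implements ByteChannel, ConnectionSecurityProvider {
    private static final DebugTracer TRACER = DebugLogger.getTracer();

    /**
     * Cipher-suite name fragment mapped to the security strength factor (in bits) reported for it.
     * Insertion order matters: {@link #getSSF()} returns the value of the first fragment found in
     * the negotiated suite name.
     */
    private static final Map<String, Integer> cipherMap = new LinkedHashMap<String, Integer>();

    static {
        cipherMap.put("_WITH_AES_256_CBC_", Integer.valueOf(256));
        cipherMap.put("_WITH_CAMELLIA_256_CBC_", Integer.valueOf(256));
        cipherMap.put("_WITH_AES_256_GCM_", Integer.valueOf(256));
        // NOTE(review): ToolConstants.OPTION_SHORT_PORT is a command-line option constant and has
        // nothing to do with cipher strength. This looks like the decompiler substituting a named
        // constant for an equal numeric literal (presumably 112, the effective strength usually
        // assigned to 3DES) - confirm the constant's value before relying on this entry.
        cipherMap.put("_WITH_3DES_EDE_CBC_", Integer.valueOf(ToolConstants.OPTION_SHORT_PORT));
        cipherMap.put("_WITH_AES_128_GCM_", Integer.valueOf(128));
        cipherMap.put("_WITH_SEED_CBC_", Integer.valueOf(128));
        cipherMap.put("_WITH_CAMELLIA_128_CBC_", Integer.valueOf(128));
        cipherMap.put("_WITH_AES_128_CBC_", Integer.valueOf(128));
        cipherMap.put("_WITH_IDEA_CBC_", Integer.valueOf(128));
        // The remaining entries describe export-grade, single-DES and NULL suites. Their presence
        // here only assigns them a low strength; whether they can be negotiated depends on the
        // suites enabled on the engine (see the constructor).
        cipherMap.put("_WITH_DES_CBC_", Integer.valueOf(56));
        cipherMap.put("_WITH_RC2_CBC_40_", Integer.valueOf(40));
        cipherMap.put("_WITH_RC4_40_", Integer.valueOf(40));
        cipherMap.put("_WITH_DES40_CBC_", Integer.valueOf(40));
        cipherMap.put("_WITH_NULL_", Integer.valueOf(0));
    }

    // Stored by the constructor; not read by any method that survived decompilation.
    private final ClientConnection connection;
    // Underlying transport that carries the TLS records.
    private final ByteChannel socketChannel;
    private final SSLEngine sslEngine;
    // appData and appNetData are allocated by the constructor but not used by any method that
    // survived decompilation (presumably they belong to read()).
    private final ByteBuffer appData;
    private final ByteBuffer appNetData;
    // Scratch buffer for TLS records, shared by the handshake helpers and writeInternal().
    private final ByteBuffer netData;
    // Scratch buffer for handshake wrap/unwrap; its contents are discarded.
    private final ByteBuffer tempData;
    private final int sslBufferSize;
    private final int appBufSize;
    // Not referenced by any method that survived decompilation.
    private boolean reading = false;

    /**
     * Builds the server-mode engine and applies the handler's TLS settings.
     *
     * @param lDAPConnectionHandlerCfg source of the protocol, cipher-suite and client-auth settings
     * @param clientConnection the client connection this channel belongs to
     * @param byteChannel the underlying transport channel
     * @param sSLContext context used to create the {@link SSLEngine}
     */
    private TLSByteChannel(LDAPConnectionHandlerCfg lDAPConnectionHandlerCfg, ClientConnection clientConnection, ByteChannel byteChannel, SSLContext sSLContext) {
        this.socketChannel = byteChannel;
        this.connection = clientConnection;
        this.sslEngine = sSLContext.createSSLEngine();
        this.sslEngine.setUseClientMode(false);

        // An empty set means "not configured": the engine's default protocol list is left as is.
        SortedSet<String> protocols = lDAPConnectionHandlerCfg.getSSLProtocol();
        if (!protocols.isEmpty()) {
            this.sslEngine.setEnabledProtocols(protocols.toArray(new String[0]));
        }
        // Same for cipher suites: nothing configured leaves the engine defaults enabled.
        SortedSet<String> cipherSuites = lDAPConnectionHandlerCfg.getSSLCipherSuite();
        if (!cipherSuites.isEmpty()) {
            this.sslEngine.setEnabledCipherSuites(cipherSuites.toArray(new String[0]));
        }

        // setNeedClientAuth and setWantClientAuth each override the other's previous setting, so
        // the last call in every branch is the one that decides the mode.
        switch (lDAPConnectionHandlerCfg.getSSLClientAuthPolicy()) {
            case DISABLED:
                this.sslEngine.setNeedClientAuth(false);
                this.sslEngine.setWantClientAuth(false);
                break;
            case REQUIRED:
                this.sslEngine.setWantClientAuth(true);
                this.sslEngine.setNeedClientAuth(true);
                break;
            case OPTIONAL:
            default:
                // Any policy value other than DISABLED/REQUIRED is treated as OPTIONAL: a client
                // certificate is requested but the handshake continues without one.
                this.sslEngine.setNeedClientAuth(false);
                this.sslEngine.setWantClientAuth(true);
                break;
        }

        SSLSession session = this.sslEngine.getSession();
        this.sslBufferSize = session.getPacketBufferSize();
        this.appBufSize = session.getApplicationBufferSize();
        this.appNetData = ByteBuffer.allocate(this.sslBufferSize);
        this.netData = ByteBuffer.allocate(this.sslBufferSize);
        this.appData = ByteBuffer.allocate(session.getApplicationBufferSize());
        this.tempData = ByteBuffer.allocate(session.getApplicationBufferSize());
    }

    /**
     * Returns the application buffer size reported by the engine's session at construction time.
     */
    @Override // org.opends.server.extensions.ConnectionSecurityProvider
    public int getAppBufSize() {
        return this.appBufSize;
    }

    /**
     * Factory for the channel; note that the argument order differs from the private constructor.
     *
     * @param lDAPConnectionHandlerCfg handler configuration carrying the TLS settings
     * @param clientConnection the client connection this channel belongs to
     * @param sSLContext context used to create the {@link SSLEngine}
     * @param byteChannel the underlying transport channel
     * @return a new channel in server mode
     */
    public static TLSByteChannel getTLSByteChannel(LDAPConnectionHandlerCfg lDAPConnectionHandlerCfg, ClientConnection clientConnection, SSLContext sSLContext, ByteChannel byteChannel) {
        return new TLSByteChannel(lDAPConnectionHandlerCfg, clientConnection, byteChannel, sSLContext);
    }

    /** True when the engine asks for another handshake step (task, wrap or unwrap). */
    private static boolean needsHandshakeStep(SSLEngineResult.HandshakeStatus status) {
        return status == SSLEngineResult.HandshakeStatus.NEED_TASK
                || status == SSLEngineResult.HandshakeStatus.NEED_WRAP
                || status == SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
    }

    /**
     * Runs every pending delegated task on the calling thread.
     *
     * @return the engine's handshake status once no task is left
     */
    private SSLEngineResult.HandshakeStatus doTasks() {
        Runnable task;
        while ((task = this.sslEngine.getDelegatedTask()) != null) {
            task.run();
        }
        return this.sslEngine.getHandshakeStatus();
    }

    /**
     * Performs handshake steps for as long as the engine asks for NEED_WRAP or NEED_TASK; a
     * NEED_UNWRAP status ends the loop. Not called from any method visible in this listing
     * (presumably used by the undecompiled read()).
     */
    private void doHandshakeRead(SSLEngineResult.HandshakeStatus handshakeStatus) throws IOException {
        SSLEngineResult.HandshakeStatus status = handshakeStatus;
        do {
            doHandshakeOp(status);
            status = this.sslEngine.getHandshakeStatus();
        } while (status == SSLEngineResult.HandshakeStatus.NEED_WRAP
                || status == SSLEngineResult.HandshakeStatus.NEED_TASK);
    }

    /**
     * Executes one handshake step: runs delegated tasks for NEED_TASK, or produces and sends one
     * handshake record for NEED_WRAP. Every other status is a no-op.
     *
     * <p>The decompiler's synthetic ordinal switch-map class is replaced by a switch on the enum
     * itself; as emitted, that class assigned to a field it never declared.
     */
    private void doHandshakeOp(SSLEngineResult.HandshakeStatus handshakeStatus) throws IOException {
        switch (handshakeStatus) {
            case NEED_TASK:
                doTasks();
                return;
            case NEED_WRAP:
                this.tempData.clear();
                this.netData.clear();
                // NOTE(review): the wrap result status (e.g. BUFFER_OVERFLOW, CLOSED) is not
                // inspected here.
                this.sslEngine.wrap(this.tempData, this.netData);
                this.netData.flip();
                // Drain the whole record. If the transport can return 0 from write() (a
                // non-blocking channel) this loop spins until it accepts the data.
                while (this.netData.hasRemaining()) {
                    this.socketChannel.write(this.netData);
                }
                return;
            default:
                return;
        }
    }

    /**
     * NOT RECOVERED: the decompiler could not restructure this method, so the body below is a
     * placeholder that always throws. The inbound TLS path cannot be reviewed from this listing.
     *
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    @Override // java.nio.channels.ReadableByteChannel
    public synchronized int read(java.nio.ByteBuffer r5) throws java.io.IOException {
        /*
         * Fragments the decompiler reported as lost (instruction count of the original: 260):
         *   r0 = r4.sslEngine.getHandshakeStatus();
         *   if (r0 == javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_TASK) goto L54;
         *   if (r0 == javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_WRAP) goto L55;
         *   return r5.position();
         */
        throw new UnsupportedOperationException("Method not decompiled: org.opends.server.extensions.TLSByteChannel.read(java.nio.ByteBuffer):int");
    }

    /**
     * Closes both directions of the TLS engine and sends whatever closing record the engine still
     * wants to emit.
     *
     * <p>{@code closeInbound()} throws when the peer has not sent its close_notify. The outbound
     * side is now closed and flushed in a {@code finally} block, so that our own close_notify is
     * still attempted in that case; the exception continues to propagate unless the flush itself
     * fails. The underlying transport channel is not closed here.
     *
     * @throws IOException if the engine reports an improper inbound close or the flush fails
     */
    @Override // java.nio.channels.Channel, java.io.Closeable, java.lang.AutoCloseable
    public synchronized void close() throws IOException {
        try {
            this.sslEngine.closeInbound();
        } finally {
            this.sslEngine.closeOutbound();
            SSLEngineResult.HandshakeStatus status = this.sslEngine.getHandshakeStatus();
            if (status != SSLEngineResult.HandshakeStatus.FINISHED
                    && status != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                doHandshakeWrite(status);
            }
        }
    }

    /**
     * Reports the channel as open only while neither engine direction is done. The state of the
     * underlying transport channel is not consulted.
     */
    @Override // java.nio.channels.Channel
    public boolean isOpen() {
        return !this.sslEngine.isInboundDone() && !this.sslEngine.isOutboundDone();
    }

    /**
     * Derives the security strength factor from the name of the session's cipher suite.
     *
     * <p>The lookup is a substring match against the strength table, first match wins, and the
     * result is 0 when nothing matches. Suite names that contain none of the {@code _WITH_...}
     * fragments (for example TLS 1.3 style names such as {@code TLS_AES_128_GCM_SHA256}) are
     * therefore reported as strength 0 even though they are strong. The error is on the
     * conservative side, but any policy that gates on a minimum SSF would reject such sessions.
     *
     * @return the strength in bits, or 0 for an unknown or NULL suite
     */
    @Override // org.opends.server.extensions.ConnectionSecurityProvider
    public int getSSF() {
        String negotiatedSuite = this.sslEngine.getSession().getCipherSuite();
        for (Map.Entry<String, Integer> entry : cipherMap.entrySet()) {
            if (negotiatedSuite.contains(entry.getKey())) {
                return entry.getValue().intValue();
            }
        }
        return 0;
    }

    /**
     * Returns the certificate chain the peer presented.
     *
     * @return the peer chain, or an empty array when the peer is not verified; callers must treat
     *     the empty array as "no client certificate" and never as an authenticated identity
     */
    @Override // org.opends.server.extensions.ConnectionSecurityProvider
    public Certificate[] getClientCertificateChain() {
        try {
            return this.sslEngine.getSession().getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            // Only visible in the debug log; nothing is reported to the caller.
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            return new Certificate[0];
        }
    }

    /**
     * Reads once from the transport and feeds the bytes to the engine as handshake input.
     *
     * <p>NOTE(review): the unwrap result is ignored, so a partial record (BUFFER_UNDERFLOW) or
     * several records in one read are not handled; both buffers are cleared on the next call.
     * A read of 0 bytes is treated the same as end-of-stream, which is only correct if the
     * transport blocks - confirm against the caller.
     *
     * @throws ClosedChannelException if the transport returned no data
     */
    private void doHandshakeUnwrap() throws IOException {
        this.netData.clear();
        this.tempData.clear();
        if (this.socketChannel.read(this.netData) <= 0) {
            throw new ClosedChannelException();
        }
        this.sslEngine.unwrap(this.netData, this.tempData);
    }

    /**
     * Drives the handshake from the write side: performs the step for the given status, then keeps
     * going while the engine asks for a task, a wrap or an unwrap.
     */
    private void doHandshakeWrite(SSLEngineResult.HandshakeStatus handshakeStatus) throws IOException {
        SSLEngineResult.HandshakeStatus status = handshakeStatus;
        do {
            if (status == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                doHandshakeUnwrap();
            } else {
                doHandshakeOp(status);
            }
            status = this.sslEngine.getHandshakeStatus();
        } while (needsHandshakeStep(status));
    }

    /**
     * Encrypts and sends the remaining bytes of {@code byteBuffer}, in slices of at most one TLS
     * packet buffer.
     *
     * <p>NOTE(review): the return value is inconsistent. For a buffer that fits in one slice it is
     * the number of encrypted bytes handed to the transport; for a larger buffer it is the number
     * of plaintext bytes consumed. Left as in the original because callers are not visible here.
     *
     * @param byteBuffer plaintext to send; fully consumed on normal return
     * @return see the note above
     * @throws ClosedChannelException if the transport is closed or the engine's outbound side is
     *     done
     */
    @Override // java.nio.channels.WritableByteChannel
    public synchronized int write(ByteBuffer byteBuffer) throws IOException {
        if (!this.socketChannel.isOpen() || this.sslEngine.isOutboundDone()) {
            throw new ClosedChannelException();
        }
        final int start = byteBuffer.position();
        final int end = byteBuffer.limit();
        final int total = end - start;
        if (total <= this.sslBufferSize) {
            return writeInternal(byteBuffer);
        }
        try {
            int sliceStart = start;
            while (sliceStart < end) {
                int sliceEnd = Math.min(end, sliceStart + this.sslBufferSize);
                byteBuffer.position(sliceStart);
                byteBuffer.limit(sliceEnd);
                writeInternal(byteBuffer);
                sliceStart = sliceEnd;
            }
            return total;
        } finally {
            // Give the caller its original limit back even when a slice fails part-way.
            byteBuffer.limit(end);
        }
    }

    /**
     * Wraps the remaining plaintext into TLS records and writes them to the transport.
     *
     * <p>Two defects of the original are fixed here. The handshake status was sampled once before
     * the loop and then re-tested after every wrap, so a stale NEED_* value re-entered the
     * handshake helpers, which clear and reuse {@code netData} and so destroy the record that had
     * just been produced. The record was also sent with a single {@code write} call, so whatever a
     * short write left behind was discarded by the next {@code clear()}. Each record is now flushed
     * completely before anything else touches {@code netData}, and the status is re-read from the
     * engine after every record.
     *
     * @param byteBuffer plaintext to send
     * @return the number of encrypted bytes written to the transport
     * @throws SSLException if a wrap produced no output
     * @throws ClosedChannelException if a wrap did not finish with status OK
     */
    private int writeInternal(ByteBuffer byteBuffer) throws IOException {
        int bytesSent = 0;
        SSLEngineResult.HandshakeStatus status = this.sslEngine.getHandshakeStatus();
        if (needsHandshakeStep(status)) {
            doHandshakeWrite(status);
        }
        while (byteBuffer.hasRemaining()) {
            this.netData.clear();
            SSLEngineResult result = this.sslEngine.wrap(byteBuffer, this.netData);
            this.netData.flip();
            if (this.netData.remaining() == 0) {
                // Nothing was produced from the plaintext; fail rather than loop forever.
                throw new SSLException("SSLEngine.wrap produced 0 bytes");
            }
            if (result.getStatus() != SSLEngineResult.Status.OK) {
                throw new ClosedChannelException();
            }
            // Same drain loop as the handshake wrap step; spins if the transport returns 0.
            while (this.netData.hasRemaining()) {
                bytesSent += this.socketChannel.write(this.netData);
            }
            status = this.sslEngine.getHandshakeStatus();
            if (needsHandshakeStep(status)) {
                doHandshakeWrite(status);
            }
        }
        return bytesSent;
    }

    /**
     * Returns this object; the channel passed in is ignored because the transport was fixed at
     * construction time.
     */
    @Override // org.opends.server.extensions.ConnectionSecurityProvider
    public ByteChannel wrapChannel(ByteChannel byteChannel) {
        return this;
    }

    /** Returns the provider name, {@code "TLS"}. */
    @Override // org.opends.server.extensions.ConnectionSecurityProvider
    public String getName() {
        return "TLS";
    }

    /**
     * Always {@code true}. The answer does not depend on whether the handshake has completed or on
     * the negotiated suite (a {@code _WITH_NULL_} suite has strength 0 in the table), so callers
     * that need an actual confidentiality guarantee should check {@link #getSSF()} as well.
     */
    @Override // org.opends.server.extensions.ConnectionSecurityProvider
    public boolean isSecure() {
        return true;
    }
}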
