package org.apache.mina.filter.ssl;

import java.net.InetSocketAddress;
import java.util.Objects;
import java.util.concurrent.Executor;
import java.util.concurrent.LinkedBlockingDeque;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import org.apache.mina.core.buffer.IoBuffer;
import org.apache.mina.core.filterchain.IoFilter;
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.filterchain.IoFilterChain;
import org.apache.mina.core.session.AttributeKey;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.core.write.WriteRequest;
import org.apache.mina.util.BasicThreadFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/connector-ldap-3.7.4.jar:lib/mina-core-2.2.4.jar:org/apache/mina/filter/ssl/SslFilter.class
 */
/* loaded from: input_file:BOOT-INF/lib/mina-core-2.2.4.jar:org/apache/mina/filter/ssl/SslFilter.class */
public class SslFilter extends IoFilterAdapter {
    public static final AttributeKey SSL_SECURED = new AttributeKey(SslFilter.class, "status");
    protected static final AttributeKey SSL_HANDLER = new AttributeKey(SslHandler.class, "handler");
    protected static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SslFilter.class);
    protected static final Executor EXECUTOR = new ThreadPoolExecutor(2, 2, 100, TimeUnit.MILLISECONDS, new LinkedBlockingDeque(), new BasicThreadFactory("ssl-exec", true));
    protected final SSLContext sslContext;
    private final boolean autoStart;
    private boolean nonBlockingPipeline;
    protected boolean needClientAuth;
    protected boolean wantClientAuth;
    protected String[] enabledCipherSuites;
    protected String[] enabledProtocols;
    private String identificationAlgorithm;

    public SslFilter(SSLContext sSLContext) {
        this(sSLContext, true);
    }

    public SslFilter(SSLContext sSLContext, boolean z) {
        this.nonBlockingPipeline = true;
        this.needClientAuth = false;
        this.wantClientAuth = false;
        Objects.requireNonNull(sSLContext, "ssl must not be null");
        this.sslContext = sSLContext;
        this.autoStart = z;
    }

    public void setUseNonBlockingPipeline(boolean z) {
        this.nonBlockingPipeline = z;
    }

    public boolean isNeedClientAuth() {
        return this.needClientAuth;
    }

    public void setNeedClientAuth(boolean z) {
        this.needClientAuth = z;
    }

    public boolean isWantClientAuth() {
        return this.wantClientAuth;
    }

    public void setWantClientAuth(boolean z) {
        this.wantClientAuth = z;
    }

    public String[] getEnabledCipherSuites() {
        return this.enabledCipherSuites;
    }

    public void setEnabledCipherSuites(String... strArr) {
        this.enabledCipherSuites = strArr;
    }

    public String getEndpointIdentificationAlgorithm() {
        return this.identificationAlgorithm;
    }

    public void setEndpointIdentificationAlgorithm(String str) {
        this.identificationAlgorithm = str;
    }

    public String[] getEnabledProtocols() {
        return this.enabledProtocols;
    }

    private SslHandler getSslHandler(IoSession ioSession) {
        return (SslHandler) SslHandler.class.cast(ioSession.getAttribute(SSL_HANDLER));
    }

    public void setEnabledProtocols(String... strArr) {
        this.enabledProtocols = strArr;
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void onPreAdd(IoFilterChain ioFilterChain, String str, IoFilter.NextFilter nextFilter) throws Exception {
        if (ioFilterChain.contains(SslFilter.class)) {
            throw new IllegalStateException("Only one SSL filter is permitted in a chain");
        }
        if (LOGGER.isDebugEnabled()) {
            if (ioFilterChain.getSession().isServer()) {
                LOGGER.debug("SERVER: Adding the SSL Filter '{}' to the chain", str);
            } else {
                LOGGER.debug("CLIENT: Adding the SSL Filter '{}' to the chain", str);
            }
        }
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void onPostAdd(IoFilterChain ioFilterChain, String str, IoFilter.NextFilter nextFilter) throws Exception {
        IoSession session = ioFilterChain.getSession();
        if (session.isConnected() && this.autoStart) {
            onConnected(nextFilter, session);
        }
        super.onPostAdd(ioFilterChain, str, nextFilter);
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void onPreRemove(IoFilterChain ioFilterChain, String str, IoFilter.NextFilter nextFilter) throws Exception {
        onClose(nextFilter, ioFilterChain.getSession(), false);
    }

    protected synchronized void onConnected(IoFilter.NextFilter nextFilter, IoSession ioSession) throws SSLException {
        SslHandler sslHandler = getSslHandler(ioSession);
        if (sslHandler == null) {
            SSLEngine createEngine = createEngine(ioSession, (InetSocketAddress) InetSocketAddress.class.cast(ioSession.getRemoteAddress()));
            sslHandler = this.nonBlockingPipeline ? new SSLHandlerG1(createEngine, EXECUTOR, ioSession) : new SSLHandlerG0(createEngine, EXECUTOR, ioSession);
            ioSession.setAttribute(SSL_HANDLER, sslHandler);
        }
        sslHandler.open(nextFilter);
    }

    protected synchronized void onClose(IoFilter.NextFilter nextFilter, IoSession ioSession, boolean z) throws SSLException {
        ioSession.removeAttribute(SSL_SECURED);
        SslHandler sslHandler = (SslHandler) SslHandler.class.cast(ioSession.removeAttribute(SSL_HANDLER));
        if (sslHandler != null) {
            sslHandler.close(nextFilter, z);
        }
    }

    protected SSLEngine createEngine(IoSession ioSession, InetSocketAddress inetSocketAddress) {
        SSLEngine createSSLEngine = inetSocketAddress != null ? this.sslContext.createSSLEngine(inetSocketAddress.getHostName(), inetSocketAddress.getPort()) : this.sslContext.createSSLEngine();
        if (this.wantClientAuth) {
            createSSLEngine.setWantClientAuth(true);
        }
        if (this.needClientAuth) {
            createSSLEngine.setNeedClientAuth(true);
        }
        if (this.enabledCipherSuites != null) {
            createSSLEngine.setEnabledCipherSuites(this.enabledCipherSuites);
        }
        if (this.enabledProtocols != null) {
            createSSLEngine.setEnabledProtocols(this.enabledProtocols);
        }
        if (getEndpointIdentificationAlgorithm() != null) {
            SSLParameters sSLParameters = createSSLEngine.getSSLParameters();
            sSLParameters.setEndpointIdentificationAlgorithm(getEndpointIdentificationAlgorithm());
            createSSLEngine.setSSLParameters(sSLParameters);
        }
        createSSLEngine.setUseClientMode(!ioSession.isServer());
        return createSSLEngine;
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void sessionOpened(IoFilter.NextFilter nextFilter, IoSession ioSession) throws Exception {
        if (LOGGER.isDebugEnabled()) {
            if (ioSession.isServer()) {
                LOGGER.debug("SERVER: Session {} opened", ioSession);
            } else {
                LOGGER.debug("CLIENT: Session {} opened", ioSession);
            }
        }
        onConnected(nextFilter, ioSession);
        super.sessionOpened(nextFilter, ioSession);
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void sessionClosed(IoFilter.NextFilter nextFilter, IoSession ioSession) throws Exception {
        if (LOGGER.isDebugEnabled()) {
            if (ioSession.isServer()) {
                LOGGER.debug("SERVER: Session {} closed", ioSession);
            } else {
                LOGGER.debug("CLIENT: Session {} closed", ioSession);
            }
        }
        onClose(nextFilter, ioSession, false);
        super.sessionClosed(nextFilter, ioSession);
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void messageReceived(IoFilter.NextFilter nextFilter, IoSession ioSession, Object obj) throws Exception {
        if (LOGGER.isDebugEnabled()) {
            if (ioSession.isServer()) {
                LOGGER.debug("SERVER: Session {} received {}", ioSession, obj);
            } else {
                LOGGER.debug("CLIENT: Session {} received {}", ioSession, obj);
            }
        }
        getSslHandler(ioSession).receive(nextFilter, (IoBuffer) IoBuffer.class.cast(obj));
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void messageSent(IoFilter.NextFilter nextFilter, IoSession ioSession, WriteRequest writeRequest) throws Exception {
        if (!(writeRequest instanceof EncryptedWriteRequest)) {
            super.messageSent(nextFilter, ioSession, writeRequest);
            return;
        }
        if (LOGGER.isDebugEnabled()) {
            if (ioSession.isServer()) {
                LOGGER.debug("SERVER: Session {} ack {}", ioSession, writeRequest);
            } else {
                LOGGER.debug("CLIENT: Session {} ack {}", ioSession, writeRequest);
            }
        }
        WriteRequest writeRequest2 = (EncryptedWriteRequest) EncryptedWriteRequest.class.cast(writeRequest);
        getSslHandler(ioSession).ack(nextFilter, writeRequest);
        if (writeRequest2.getOriginalRequest() != writeRequest2) {
            nextFilter.messageSent(ioSession, writeRequest2.getOriginalRequest());
        }
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void filterWrite(IoFilter.NextFilter nextFilter, IoSession ioSession, WriteRequest writeRequest) throws Exception {
        if ((writeRequest instanceof EncryptedWriteRequest) || (writeRequest instanceof DisableEncryptWriteRequest)) {
            super.filterWrite(nextFilter, ioSession, writeRequest);
            return;
        }
        if (LOGGER.isDebugEnabled()) {
            if (ioSession.isServer()) {
                LOGGER.debug("SERVER: Session {} write {}", ioSession, writeRequest);
            } else {
                LOGGER.debug("CLIENT: Session {} write {}", ioSession, writeRequest);
            }
        }
        getSslHandler(ioSession).write(nextFilter, writeRequest);
    }
}
