package io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client;

import io.jenkins.cli.shaded.org.glassfish.tyrus.core.Utils;
import io.jenkins.cli.shaded.org.glassfish.tyrus.spi.CompletionHandler;
import java.nio.ByteBuffer;
import java.util.LinkedList;
import java.util.Queue;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/cli-2.224-rc29486.2dc8ee100777.jar:io/jenkins/cli/shaded/org/glassfish/tyrus/container/jdk/client/SslFilter.class */
public class SslFilter extends Filter {
    private static final ByteBuffer emptyBuffer = ByteBuffer.allocate(0);
    private final ByteBuffer applicationInputBuffer;
    private final ByteBuffer networkOutputBuffer;
    private final SSLEngine sslEngine;
    private final HostnameVerifier customHostnameVerifier;
    private final String serverHost;
    private final WriteQueue writeQueue;
    private volatile State state;
    private Runnable pendingApplicationWrite;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.SslFilter$4, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/cli-2.224-rc29486.2dc8ee100777.jar:io/jenkins/cli/shaded/org/glassfish/tyrus/container/jdk/client/SslFilter$4.class */
    public static /* synthetic */ class AnonymousClass4 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 4;
            } catch (NoSuchFieldError e9) {
            }
            $SwitchMap$org$glassfish$tyrus$container$jdk$client$SslFilter$State = new int[State.values().length];
            try {
                $SwitchMap$org$glassfish$tyrus$container$jdk$client$SslFilter$State[State.NOT_STARTED.ordinal()] = 1;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$glassfish$tyrus$container$jdk$client$SslFilter$State[State.HANDSHAKING.ordinal()] = 2;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$glassfish$tyrus$container$jdk$client$SslFilter$State[State.REHANDSHAKING.ordinal()] = 3;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$glassfish$tyrus$container$jdk$client$SslFilter$State[State.DATA.ordinal()] = 4;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$glassfish$tyrus$container$jdk$client$SslFilter$State[State.CLOSED.ordinal()] = 5;
            } catch (NoSuchFieldError e14) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cli-2.224-rc29486.2dc8ee100777.jar:io/jenkins/cli/shaded/org/glassfish/tyrus/container/jdk/client/SslFilter$LazyBuffer.class */
    public class LazyBuffer {
        private ByteBuffer buffer;

        private LazyBuffer() {
            this.buffer = null;
        }

        ByteBuffer get() {
            if (this.buffer == null) {
                this.buffer = ByteBuffer.allocate(SslFilter.this.sslEngine.getSession().getPacketBufferSize());
            }
            return this.buffer;
        }

        boolean isAllocated() {
            return this.buffer != null;
        }

        void resize() {
            ByteBuffer allocate = ByteBuffer.allocate(this.buffer.position() + SslFilter.this.sslEngine.getSession().getPacketBufferSize());
            this.buffer.flip();
            allocate.flip();
            this.buffer = Utils.appendBuffers(allocate, this.buffer, allocate.limit(), 50);
            this.buffer.compact();
        }

        void append(ByteBuffer byteBuffer) {
            if (this.buffer == null) {
                this.buffer = ByteBuffer.allocate(byteBuffer.remaining());
                this.buffer.flip();
            }
            this.buffer = Utils.appendBuffers(this.buffer, byteBuffer, this.buffer.limit() + byteBuffer.remaining(), 50);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cli-2.224-rc29486.2dc8ee100777.jar:io/jenkins/cli/shaded/org/glassfish/tyrus/container/jdk/client/SslFilter$State.class */
    public enum State {
        NOT_STARTED,
        HANDSHAKING,
        REHANDSHAKING,
        DATA,
        CLOSED
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cli-2.224-rc29486.2dc8ee100777.jar:io/jenkins/cli/shaded/org/glassfish/tyrus/container/jdk/client/SslFilter$WriteQueue.class */
    public class WriteQueue {
        private final Queue<Runnable> pendingWrites;

        private WriteQueue() {
            this.pendingWrites = new LinkedList();
        }

        void write(final ByteBuffer byteBuffer, final CompletionHandler<ByteBuffer> completionHandler) {
            synchronized (SslFilter.this) {
                Runnable runnable = new Runnable() { // from class: io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.SslFilter.WriteQueue.1
                    @Override // java.lang.Runnable
                    public void run() {
                        SslFilter.this.downstreamFilter.write(byteBuffer, new CompletionHandler<ByteBuffer>() { // from class: io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.SslFilter.WriteQueue.1.1
                            @Override // io.jenkins.cli.shaded.org.glassfish.tyrus.spi.CompletionHandler
                            public void completed(ByteBuffer byteBuffer2) {
                                if (completionHandler != null) {
                                    completionHandler.completed(byteBuffer2);
                                }
                                WriteQueue.this.onWriteCompleted();
                            }

                            @Override // io.jenkins.cli.shaded.org.glassfish.tyrus.spi.CompletionHandler
                            public void failed(Throwable th) {
                                if (completionHandler != null) {
                                    completionHandler.failed(th);
                                }
                                WriteQueue.this.onWriteCompleted();
                            }
                        });
                    }
                };
                this.pendingWrites.offer(runnable);
                if (this.pendingWrites.peek() == runnable) {
                    runnable.run();
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void onWriteCompleted() {
            synchronized (SslFilter.this) {
                this.pendingWrites.poll();
                Runnable peek = this.pendingWrites.peek();
                if (peek != null) {
                    peek.run();
                }
            }
        }

        public String toString() {
            String str;
            synchronized (SslFilter.this) {
                str = "WriteQueue{pendingWrites=" + this.pendingWrites.size() + '}';
            }
            return str;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SslFilter(Filter filter, io.jenkins.cli.shaded.org.glassfish.tyrus.client.SslEngineConfigurator sslEngineConfigurator, String str) {
        super(filter);
        this.writeQueue = new WriteQueue();
        this.state = State.NOT_STARTED;
        this.pendingApplicationWrite = null;
        this.serverHost = str;
        this.sslEngine = sslEngineConfigurator.createSSLEngine(str);
        this.customHostnameVerifier = sslEngineConfigurator.getHostnameVerifier();
        if (sslEngineConfigurator.isHostVerificationEnabled() && sslEngineConfigurator.getHostnameVerifier() == null) {
            SSLParameters sSLParameters = this.sslEngine.getSSLParameters();
            sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            this.sslEngine.setSSLParameters(sSLParameters);
        }
        this.applicationInputBuffer = ByteBuffer.allocate(this.sslEngine.getSession().getApplicationBufferSize());
        this.networkOutputBuffer = ByteBuffer.allocate(this.sslEngine.getSession().getPacketBufferSize());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SslFilter(Filter filter, SslEngineConfigurator sslEngineConfigurator) {
        super(filter);
        this.writeQueue = new WriteQueue();
        this.state = State.NOT_STARTED;
        this.pendingApplicationWrite = null;
        this.sslEngine = sslEngineConfigurator.createSSLEngine();
        this.applicationInputBuffer = ByteBuffer.allocate(this.sslEngine.getSession().getApplicationBufferSize());
        this.networkOutputBuffer = ByteBuffer.allocate(this.sslEngine.getSession().getPacketBufferSize());
        this.customHostnameVerifier = null;
        this.serverHost = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.Filter
    public synchronized void write(ByteBuffer byteBuffer, CompletionHandler<ByteBuffer> completionHandler) {
        switch (this.state) {
            case NOT_STARTED:
                this.writeQueue.write(byteBuffer, completionHandler);
                return;
            case HANDSHAKING:
                completionHandler.failed(new IllegalStateException("Cannot write until SSL handshake has been completed"));
                return;
            case REHANDSHAKING:
                storePendingApplicationWrite(byteBuffer, completionHandler);
                return;
            case DATA:
                handleWrite(byteBuffer, completionHandler);
                return;
            case CLOSED:
                completionHandler.failed(new IllegalStateException("SSL session has been closed"));
                return;
            default:
                return;
        }
    }

    private void handleWrite(final ByteBuffer byteBuffer, final CompletionHandler<ByteBuffer> completionHandler) {
        try {
            this.networkOutputBuffer.clear();
            SSLEngineResult wrap = this.sslEngine.wrap(byteBuffer, this.networkOutputBuffer);
            switch (AnonymousClass4.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[wrap.getStatus().ordinal()]) {
                case 1:
                    throw new IllegalStateException("SSL packet does not fit into the network buffer: " + this.networkOutputBuffer + "\n" + getDebugState());
                case 2:
                    throw new IllegalStateException("SSL engine underflow with the following application input: " + byteBuffer + "\n" + getDebugState());
                case 3:
                    this.state = State.CLOSED;
                    break;
                case 4:
                    if (wrap.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                        this.state = State.REHANDSHAKING;
                    }
                    this.networkOutputBuffer.flip();
                    if (!this.networkOutputBuffer.hasRemaining()) {
                        handlePostWrite(byteBuffer, completionHandler);
                        break;
                    } else {
                        this.writeQueue.write(this.networkOutputBuffer, new CompletionHandler<ByteBuffer>() { // from class: io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.SslFilter.1
                            @Override // io.jenkins.cli.shaded.org.glassfish.tyrus.spi.CompletionHandler
                            public void completed(ByteBuffer byteBuffer2) {
                                SslFilter.this.handlePostWrite(byteBuffer, completionHandler);
                            }

                            @Override // io.jenkins.cli.shaded.org.glassfish.tyrus.spi.CompletionHandler
                            public void failed(Throwable th) {
                                completionHandler.failed(th);
                            }
                        });
                        break;
                    }
            }
        } catch (SSLException e) {
            handleSslError(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void handlePostWrite(ByteBuffer byteBuffer, CompletionHandler<ByteBuffer> completionHandler) {
        if (this.state == State.REHANDSHAKING) {
            if (byteBuffer.hasRemaining()) {
                storePendingApplicationWrite(byteBuffer, completionHandler);
                doHandshakeStep(emptyBuffer);
                return;
            }
            return;
        }
        if (byteBuffer.hasRemaining()) {
            handleWrite(byteBuffer, completionHandler);
        } else {
            completionHandler.completed(byteBuffer);
        }
    }

    private void storePendingApplicationWrite(final ByteBuffer byteBuffer, final CompletionHandler<ByteBuffer> completionHandler) {
        if (this.pendingApplicationWrite != null) {
            throw new IllegalStateException("Only one write operation can be in progress\n" + getDebugState());
        }
        this.pendingApplicationWrite = new Runnable() { // from class: io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.SslFilter.2
            @Override // java.lang.Runnable
            public void run() {
                SslFilter.this.write(byteBuffer, completionHandler);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.Filter
    public synchronized void close() {
        if (this.state == State.NOT_STARTED) {
            this.downstreamFilter.close();
            return;
        }
        this.sslEngine.closeOutbound();
        try {
            LazyBuffer lazyBuffer = new LazyBuffer();
            while (this.sslEngine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                switch (AnonymousClass4.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[this.sslEngine.wrap(emptyBuffer, lazyBuffer.get()).getStatus().ordinal()]) {
                    case 1:
                        lazyBuffer.resize();
                        break;
                    case 2:
                        throw new IllegalStateException("SSL engine underflow while close operation \n" + getDebugState());
                }
            }
            if (lazyBuffer.isAllocated()) {
                ByteBuffer byteBuffer = lazyBuffer.get();
                byteBuffer.flip();
                this.writeQueue.write(byteBuffer, new CompletionHandler<ByteBuffer>() { // from class: io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.SslFilter.3
                    @Override // io.jenkins.cli.shaded.org.glassfish.tyrus.spi.CompletionHandler
                    public void completed(ByteBuffer byteBuffer2) {
                        SslFilter.this.downstreamFilter.close();
                    }

                    @Override // io.jenkins.cli.shaded.org.glassfish.tyrus.spi.CompletionHandler
                    public void failed(Throwable th) {
                        SslFilter.this.downstreamFilter.close();
                    }
                });
            } else {
                this.downstreamFilter.close();
            }
        } catch (Exception e) {
            handleSslError(e);
        }
    }

    @Override // io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.Filter
    boolean processRead(ByteBuffer byteBuffer) {
        boolean z = true;
        while (byteBuffer.hasRemaining() && z) {
            switch (this.state) {
                case NOT_STARTED:
                    return true;
                case HANDSHAKING:
                case REHANDSHAKING:
                    z = doHandshakeStep(byteBuffer);
                    break;
                case DATA:
                    z = handleRead(byteBuffer);
                    break;
                case CLOSED:
                    byteBuffer.clear();
                    z = false;
                    break;
            }
        }
        return false;
    }

    private boolean handleRead(ByteBuffer byteBuffer) {
        try {
            this.applicationInputBuffer.clear();
            SSLEngineResult unwrap = this.sslEngine.unwrap(byteBuffer, this.applicationInputBuffer);
            switch (AnonymousClass4.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()]) {
                case 1:
                    throw new IllegalStateException("Contents of a SSL packet did not fit into buffer: " + this.applicationInputBuffer + "\n" + getDebugState());
                case 2:
                    return false;
                case 3:
                case 4:
                    if (unwrap.bytesProduced() > 0) {
                        this.applicationInputBuffer.flip();
                        this.upstreamFilter.onRead(this.applicationInputBuffer);
                        this.applicationInputBuffer.compact();
                    }
                    if (this.sslEngine.isInboundDone()) {
                        return false;
                    }
                    if (unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || this.sslEngine.isOutboundDone()) {
                        return true;
                    }
                    this.state = State.REHANDSHAKING;
                    return doHandshakeStep(byteBuffer);
                default:
                    return true;
            }
        } catch (SSLException e) {
            handleSslError(e);
            return true;
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:15:0x004b. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:23:0x00c4. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:38:0x0160. Please report as an issue. */
    private boolean doHandshakeStep(ByteBuffer byteBuffer) {
        LazyBuffer lazyBuffer = new LazyBuffer();
        boolean z = false;
        synchronized (this) {
            if (SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.equals(this.sslEngine.getHandshakeStatus())) {
                return true;
            }
            try {
                LazyBuffer lazyBuffer2 = new LazyBuffer();
                boolean z2 = false;
                while (!z2) {
                    switch (AnonymousClass4.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.sslEngine.getHandshakeStatus().ordinal()]) {
                        case 1:
                            throw new IllegalStateException("Trying to handshake, but SSL engine not in HANDSHAKING state.SSL filter state: \n" + getDebugState());
                        case 2:
                            z2 = true;
                            z = true;
                        case 3:
                            SSLEngineResult wrap = this.sslEngine.wrap(emptyBuffer, lazyBuffer2.get());
                            if (wrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
                                z2 = true;
                                z = true;
                            }
                            switch (AnonymousClass4.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[wrap.getStatus().ordinal()]) {
                                case 1:
                                    lazyBuffer2.resize();
                                case 2:
                                    throw new IllegalStateException("SSL engine underflow with the following SSL filter state: \n" + getDebugState());
                                case 3:
                                    z2 = true;
                                    this.state = State.CLOSED;
                            }
                        case 4:
                            SSLEngineResult unwrap = this.sslEngine.unwrap(byteBuffer, this.applicationInputBuffer);
                            this.applicationInputBuffer.flip();
                            if (this.applicationInputBuffer.hasRemaining()) {
                                lazyBuffer.append(this.applicationInputBuffer);
                            }
                            this.applicationInputBuffer.compact();
                            if (unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
                                z2 = true;
                                z = true;
                            }
                            switch (AnonymousClass4.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()]) {
                                case 1:
                                    throw new IllegalStateException("SSL packet does not fit into the network buffer: " + getDebugState());
                                case 2:
                                    z2 = true;
                                case 3:
                                    z2 = true;
                                    this.state = State.CLOSED;
                            }
                        case 5:
                            while (true) {
                                Runnable delegatedTask = this.sslEngine.getDelegatedTask();
                                if (delegatedTask != null) {
                                    delegatedTask.run();
                                }
                            }
                            break;
                    }
                }
                if (lazyBuffer2.isAllocated()) {
                    ByteBuffer byteBuffer2 = lazyBuffer2.get();
                    byteBuffer2.flip();
                    this.writeQueue.write(byteBuffer2, null);
                }
            } catch (Exception e) {
                handleSslError(e);
            }
            if (lazyBuffer.isAllocated()) {
                this.upstreamFilter.onRead(lazyBuffer.get());
            }
            if (!z) {
                return false;
            }
            handleHandshakeFinished();
            return true;
        }
    }

    private void handleHandshakeFinished() {
        if (this.customHostnameVerifier != null && !this.customHostnameVerifier.verify(this.serverHost, this.sslEngine.getSession())) {
            handleSslError(new SSLException("Server host name verification using " + this.customHostnameVerifier.getClass() + " has failed"));
            return;
        }
        if (this.state == State.HANDSHAKING) {
            this.state = State.DATA;
            this.upstreamFilter.onSslHandshakeCompleted();
        } else if (this.state == State.REHANDSHAKING) {
            this.state = State.DATA;
            if (this.pendingApplicationWrite != null) {
                Runnable runnable = this.pendingApplicationWrite;
                this.pendingApplicationWrite = null;
                runnable.run();
            }
        }
    }

    private void handleSslError(Throwable th) {
        onError(th);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.Filter
    public void startSsl() {
        try {
            this.state = State.HANDSHAKING;
            this.sslEngine.beginHandshake();
            doHandshakeStep(emptyBuffer);
        } catch (SSLException e) {
            handleSslError(e);
        }
    }

    void rehandshake() {
        try {
            this.sslEngine.beginHandshake();
        } catch (SSLException e) {
            handleSslError(e);
        }
    }

    private String getDebugState() {
        return "SslFilter{\napplicationInputBuffer=" + this.applicationInputBuffer + ",\nnetworkOutputBuffer=" + this.networkOutputBuffer + ",\nsslEngineStatus=" + this.sslEngine.getHandshakeStatus() + ",\nsslSession=" + this.sslEngine.getSession() + ",\nstate=" + this.state + ",\npendingApplicationWrite=" + this.pendingApplicationWrite + ",\npendingWritesSize=" + this.writeQueue + '}';
    }
}
