package com.sshtools.synergy.nio.ssl;

import com.sshtools.common.logger.Log;
import com.sshtools.common.util.Utils;
import com.sshtools.synergy.nio.SelectorThread;
import com.sshtools.synergy.nio.SocketConnection;
import com.sshtools.synergy.nio.SocketWriteCallback;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SelectableChannel;
import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel;
import java.security.KeyStore;
import java.util.Iterator;
import java.util.LinkedList;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:WEB-INF/lib/maverick-synergy-common-3.1.1.jar:com/sshtools/synergy/nio/ssl/SSLContextConnection.class */
public class SSLContextConnection extends SocketConnection {
    static SSLContext sslContext = null;
    private SSLSession session;
    private SSLEngine engine;
    private ByteBuffer dummy;
    private SSLEngineResult.HandshakeStatus hsStatus;
    private SSLEngineResult.Status status;
    private boolean initialHandshake;
    private boolean wantsWrite;
    ByteBuffer sourceBuffer;
    ByteBuffer destinationBuffer;
    LinkedList<SocketWriteCallback> socketWriteCallbacks;
    boolean requireClientCertificate;
    boolean allowClientCertificate;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.sshtools.synergy.nio.ssl.SSLContextConnection$1, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/maverick-synergy-common-3.1.1.jar:com/sshtools/synergy/nio/ssl/SSLContextConnection$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP_AGAIN.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    public SSLContextConnection() {
        this(true, false);
    }

    public SSLContextConnection(boolean z, boolean z2) {
        this.wantsWrite = false;
        this.socketWriteCallbacks = new LinkedList<>();
        this.allowClientCertificate = z;
        this.requireClientCertificate = z2;
    }

    @Override // com.sshtools.synergy.nio.SocketConnection, com.sshtools.synergy.nio.SelectorRegistrationListener
    public void registrationCompleted(SelectableChannel selectableChannel, SelectionKey selectionKey, SelectorThread selectorThread) {
        this.socketChannel = (SocketChannel) selectableChannel;
        this.selectorThread = selectorThread;
        this.key = selectionKey;
        try {
            this.engine = getSSLContext().createSSLEngine();
            this.engine.setUseClientMode(false);
            this.engine.setWantClientAuth(this.allowClientCertificate);
            this.engine.setNeedClientAuth(this.requireClientCertificate);
            this.session = this.engine.getSession();
            this.engine.beginHandshake();
            this.hsStatus = this.engine.getHandshakeStatus();
            this.initialHandshake = true;
            this.dummy = ByteBuffer.allocate(0);
            this.wantsWrite = true;
        } catch (Exception e) {
            closeConnection();
        }
    }

    public static SSLContext getSSLContext() throws IOException {
        if (sslContext != null) {
            return sslContext;
        }
        initializeSSL();
        return sslContext;
    }

    public static void initializeSSL() throws FileNotFoundException, IOException {
        try {
            String property = System.getProperty("javax.net.ssl.keyStorePassword");
            if (property == null) {
                property = "";
            }
            char[] charArray = property.toCharArray();
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(new FileInputStream(System.getProperty("javax.net.ssl.keyStore", "")), charArray);
            sslContext = SSLContext.getInstance("TLS");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(keyStore, charArray);
            String property2 = System.getProperty("javax.net.ssl.trustStorePassword");
            if (property2 == null) {
                property2 = "";
            }
            char[] charArray2 = property2.toCharArray();
            TrustManagerFactory trustManagerFactory = null;
            String property3 = System.getProperty("javax.net.ssl.trustStore", "");
            if (Utils.isNotBlank(property3)) {
                KeyStore keyStore2 = KeyStore.getInstance("JKS");
                keyStore2.load(new FileInputStream(property3), charArray2);
                trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
                trustManagerFactory.init(keyStore2);
            }
            sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null, null);
        } catch (Exception e) {
            throw new IOException("SSL initialization failed: " + e.getMessage());
        }
    }

    @Override // com.sshtools.synergy.nio.SocketConnection
    public boolean isConnected() {
        return this.initialHandshake ? this.socketChannel.isOpen() : super.isConnected();
    }

    private void shutdown() throws SSLException {
        this.engine.closeInbound();
        this.engine.closeOutbound();
        closeConnection();
    }

    @Override // com.sshtools.synergy.nio.SocketConnection, com.sshtools.synergy.nio.SocketHandler
    public boolean processReadEvent() {
        try {
            try {
                if (!isConnected()) {
                    if (this.destinationBuffer != null && this.destinationBuffer.remaining() == this.destinationBuffer.capacity()) {
                        this.daemonContext.getBufferPool().add(this.destinationBuffer);
                        this.destinationBuffer = null;
                    }
                    if (this.socketDataIn != null && this.socketDataIn.remaining() == this.socketDataIn.capacity()) {
                        this.daemonContext.getBufferPool().add(this.socketDataIn);
                        this.socketDataIn = null;
                    }
                    return true;
                }
                if (this.socketDataIn == null) {
                    this.socketDataIn = this.daemonContext.getBufferPool().get();
                }
                int read = this.socketChannel.read(this.socketDataIn);
                this.socketDataIn.flip();
                if (read == -1) {
                    shutdown();
                    if (this.destinationBuffer != null && this.destinationBuffer.remaining() == this.destinationBuffer.capacity()) {
                        this.daemonContext.getBufferPool().add(this.destinationBuffer);
                        this.destinationBuffer = null;
                    }
                    if (this.socketDataIn != null && this.socketDataIn.remaining() == this.socketDataIn.capacity()) {
                        this.daemonContext.getBufferPool().add(this.socketDataIn);
                        this.socketDataIn = null;
                    }
                    return true;
                }
                if (read > 0) {
                    if (this.destinationBuffer == null) {
                        this.destinationBuffer = this.daemon.getContext().getBufferPool().get();
                    }
                    int position = this.destinationBuffer.position();
                    int remaining = this.socketDataIn.remaining();
                    int i = 0;
                    while (true) {
                        SSLEngineResult unwrap = this.engine.unwrap(this.socketDataIn, this.destinationBuffer);
                        if (remaining == this.socketDataIn.remaining()) {
                            i++;
                            if (i > 50) {
                                shutdown();
                                if (this.destinationBuffer != null && this.destinationBuffer.remaining() == this.destinationBuffer.capacity()) {
                                    this.daemonContext.getBufferPool().add(this.destinationBuffer);
                                    this.destinationBuffer = null;
                                }
                                if (this.socketDataIn != null && this.socketDataIn.remaining() == this.socketDataIn.capacity()) {
                                    this.daemonContext.getBufferPool().add(this.socketDataIn);
                                    this.socketDataIn = null;
                                }
                                return true;
                            }
                        } else {
                            i = 0;
                            remaining = this.socketDataIn.remaining();
                        }
                        this.destinationBuffer.flip();
                        if (this.destinationBuffer.hasRemaining() && !this.initialHandshake) {
                            this.protocolEngine.onSocketRead(this.destinationBuffer);
                        }
                        this.destinationBuffer.compact();
                        if (unwrap.getStatus() != SSLEngineResult.Status.OK || unwrap.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_UNWRAP || unwrap.bytesProduced() != 0) {
                            if (this.destinationBuffer.position() == position && this.socketDataIn.hasRemaining()) {
                                unwrap = this.engine.unwrap(this.socketDataIn, this.destinationBuffer);
                                this.destinationBuffer.flip();
                                if (this.destinationBuffer.hasRemaining() && !this.initialHandshake) {
                                    this.protocolEngine.onSocketRead(this.destinationBuffer);
                                }
                                this.destinationBuffer.compact();
                            }
                            this.status = unwrap.getStatus();
                            this.hsStatus = unwrap.getHandshakeStatus();
                            if (this.status == SSLEngineResult.Status.CLOSED) {
                                shutdown();
                            }
                            if (this.hsStatus == SSLEngineResult.HandshakeStatus.NEED_TASK || this.hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP || this.hsStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
                                doHandshake();
                            }
                            if (!this.socketDataIn.hasRemaining() || this.status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                                break;
                            }
                        }
                    }
                }
                this.socketDataIn.compact();
                if (!isConnected()) {
                }
                boolean z = !isConnected();
                if (this.destinationBuffer != null && this.destinationBuffer.remaining() == this.destinationBuffer.capacity()) {
                    this.daemonContext.getBufferPool().add(this.destinationBuffer);
                    this.destinationBuffer = null;
                }
                if (this.socketDataIn != null && this.socketDataIn.remaining() == this.socketDataIn.capacity()) {
                    this.daemonContext.getBufferPool().add(this.socketDataIn);
                    this.socketDataIn = null;
                }
                return z;
            } catch (Throwable th) {
                Log.error("An error occured whilst trying to read from the socket", th, new Object[0]);
                closeConnection();
                if (this.destinationBuffer != null && this.destinationBuffer.remaining() == this.destinationBuffer.capacity()) {
                    this.daemonContext.getBufferPool().add(this.destinationBuffer);
                    this.destinationBuffer = null;
                }
                if (this.socketDataIn != null && this.socketDataIn.remaining() == this.socketDataIn.capacity()) {
                    this.daemonContext.getBufferPool().add(this.socketDataIn);
                    this.socketDataIn = null;
                }
                return true;
            }
        } catch (Throwable th2) {
            if (this.destinationBuffer != null && this.destinationBuffer.remaining() == this.destinationBuffer.capacity()) {
                this.daemonContext.getBufferPool().add(this.destinationBuffer);
                this.destinationBuffer = null;
            }
            if (this.socketDataIn != null && this.socketDataIn.remaining() == this.socketDataIn.capacity()) {
                this.daemonContext.getBufferPool().add(this.socketDataIn);
                this.socketDataIn = null;
            }
            throw th2;
        }
    }

    private void finishInitialHandshake() {
        this.initialHandshake = false;
        Log.debug("Completed handshake", new Object[0]);
        this.protocolEngine.onSocketConnect(this);
    }

    private void doHandshake() throws SSLException {
        while (true) {
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.hsStatus.ordinal()]) {
                case 1:
                    finishInitialHandshake();
                    return;
                case 2:
                    while (true) {
                        Runnable delegatedTask = this.engine.getDelegatedTask();
                        if (delegatedTask == null) {
                            this.hsStatus = this.engine.getHandshakeStatus();
                            break;
                        } else {
                            delegatedTask.run();
                        }
                    }
                case 3:
                case 4:
                    this.wantsWrite = false;
                    return;
                case 5:
                    this.wantsWrite = true;
                    return;
                case 6:
                    Log.error("doHandshake has caught a NOT_HANDSHAKING state.. This is impossible!", new Object[0]);
                    return;
            }
        }
    }

    private void flush() throws IOException {
        if (this.socketDataOut != null) {
            try {
                this.socketChannel.write(this.socketDataOut);
            } catch (IOException e) {
                closeConnection();
            }
        }
    }

    @Override // com.sshtools.synergy.nio.SocketConnection, com.sshtools.synergy.nio.SocketHandler
    public boolean processWriteEvent() {
        SocketWriteCallback onSocketWrite;
        if (this.socketChannel == null || !this.socketChannel.isOpen()) {
            return true;
        }
        if (this.socketDataOut == null) {
            this.socketDataOut = this.daemonContext.getBufferPool().get();
        }
        try {
            try {
                if (!this.socketChannel.isOpen()) {
                    return true;
                }
                if (this.initialHandshake) {
                    if (this.hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                        this.hsStatus = this.engine.wrap(this.dummy, this.socketDataOut).getHandshakeStatus();
                        this.socketDataOut.flip();
                        flush();
                    }
                    doHandshake();
                    if (this.hsStatus != SSLEngineResult.HandshakeStatus.NEED_WRAP && this.hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
                        this.wantsWrite = false;
                    }
                } else {
                    if (this.sourceBuffer == null) {
                        this.sourceBuffer = this.daemon.getContext().getBufferPool().get();
                    }
                    if (this.sourceBuffer.remaining() == this.sourceBuffer.limit() && this.protocolEngine.isConnected() && (onSocketWrite = this.protocolEngine.onSocketWrite(this.sourceBuffer)) != null) {
                        this.socketWriteCallbacks.addLast(onSocketWrite);
                    }
                    this.sourceBuffer.flip();
                    SSLEngineResult wrap = this.engine.wrap(this.sourceBuffer, this.socketDataOut);
                    this.status = wrap.getStatus();
                    this.hsStatus = wrap.getHandshakeStatus();
                    this.socketDataOut.flip();
                    flush();
                    if (this.protocolEngine.wantsToWrite() || this.sourceBuffer.hasRemaining() || this.socketDataOut.hasRemaining()) {
                        this.wantsWrite = true;
                    } else {
                        this.wantsWrite = false;
                    }
                }
                boolean z = !isConnected();
                if (this.sourceBuffer != null) {
                    if (!this.sourceBuffer.hasRemaining() || this.sourceBuffer.remaining() == this.sourceBuffer.capacity()) {
                        this.daemonContext.getBufferPool().add(this.sourceBuffer);
                        this.sourceBuffer = null;
                    } else {
                        this.sourceBuffer.compact();
                    }
                }
                if (this.socketDataOut != null) {
                    if (!this.socketDataOut.hasRemaining() || this.socketDataOut.remaining() == this.socketDataOut.capacity()) {
                        this.daemonContext.getBufferPool().add(this.socketDataOut);
                        this.socketDataOut = null;
                        Iterator<SocketWriteCallback> it = this.socketWriteCallbacks.iterator();
                        while (it.hasNext()) {
                            it.next().completedWrite();
                        }
                        this.socketWriteCallbacks.clear();
                    } else {
                        this.socketDataOut.compact();
                    }
                }
                return z;
            } catch (Throwable th) {
                Log.error("An error occured whilst trying to write to the socket", th, new Object[0]);
                closeConnection();
                if (this.sourceBuffer != null) {
                    if (!this.sourceBuffer.hasRemaining() || this.sourceBuffer.remaining() == this.sourceBuffer.capacity()) {
                        this.daemonContext.getBufferPool().add(this.sourceBuffer);
                        this.sourceBuffer = null;
                    } else {
                        this.sourceBuffer.compact();
                    }
                }
                if (this.socketDataOut != null) {
                    if (!this.socketDataOut.hasRemaining() || this.socketDataOut.remaining() == this.socketDataOut.capacity()) {
                        this.daemonContext.getBufferPool().add(this.socketDataOut);
                        this.socketDataOut = null;
                        Iterator<SocketWriteCallback> it2 = this.socketWriteCallbacks.iterator();
                        while (it2.hasNext()) {
                            it2.next().completedWrite();
                        }
                        this.socketWriteCallbacks.clear();
                    } else {
                        this.socketDataOut.compact();
                    }
                }
                return true;
            }
        } finally {
            if (this.sourceBuffer != null) {
                if (!this.sourceBuffer.hasRemaining() || this.sourceBuffer.remaining() == this.sourceBuffer.capacity()) {
                    this.daemonContext.getBufferPool().add(this.sourceBuffer);
                    this.sourceBuffer = null;
                } else {
                    this.sourceBuffer.compact();
                }
            }
            if (this.socketDataOut != null) {
                if (!this.socketDataOut.hasRemaining() || this.socketDataOut.remaining() == this.socketDataOut.capacity()) {
                    this.daemonContext.getBufferPool().add(this.socketDataOut);
                    this.socketDataOut = null;
                    Iterator<SocketWriteCallback> it3 = this.socketWriteCallbacks.iterator();
                    while (it3.hasNext()) {
                        it3.next().completedWrite();
                    }
                    this.socketWriteCallbacks.clear();
                } else {
                    this.socketDataOut.compact();
                }
            }
        }
    }

    @Override // com.sshtools.synergy.nio.SocketConnection, com.sshtools.synergy.nio.SocketHandler
    public boolean wantsWrite() {
        return super.wantsWrite() && this.wantsWrite;
    }
}
