package org.apache.mina.filter.ssl;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import org.apache.mina.core.buffer.IoBuffer;
import org.apache.mina.core.filterchain.IoFilter;
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.filterchain.IoFilterChain;
import org.apache.mina.core.future.DefaultWriteFuture;
import org.apache.mina.core.future.IoFuture;
import org.apache.mina.core.future.IoFutureListener;
import org.apache.mina.core.future.WriteFuture;
import org.apache.mina.core.service.IoAcceptor;
import org.apache.mina.core.session.AttributeKey;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.core.write.DefaultWriteRequest;
import org.apache.mina.core.write.WriteRequest;
import org.apache.mina.core.write.WriteToClosedSessionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/mina/filter/ssl/SslFilter.class */
public class SslFilter extends IoFilterAdapter {
    private static final Logger LOGGER = LoggerFactory.getLogger(SslFilter.class);
    public static final AttributeKey SSL_SESSION = new AttributeKey(SslFilter.class, "session");
    public static final AttributeKey DISABLE_ENCRYPTION_ONCE = new AttributeKey(SslFilter.class, "disableOnce");
    public static final AttributeKey USE_NOTIFICATION = new AttributeKey(SslFilter.class, "useNotification");
    public static final AttributeKey PEER_ADDRESS = new AttributeKey(SslFilter.class, "peerAddress");
    private static final AttributeKey NEXT_FILTER = new AttributeKey(SslFilter.class, "nextFilter");
    private static final AttributeKey SSL_HANDLER = new AttributeKey(SslFilter.class, "handler");
    final SSLContext sslContext;
    private final boolean autoStart;
    public static final boolean START_HANDSHAKE = true;
    public static final boolean CLIENT_HANDSHAKE = false;
    private boolean client;
    private boolean needClientAuth;
    private boolean wantClientAuth;
    private String identificationAlgorithm;
    private String[] enabledCipherSuites;
    private String[] enabledProtocols;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/mina/filter/ssl/SslFilter$EncryptedWriteRequest.class */
    public static class EncryptedWriteRequest extends DefaultWriteRequest {
        private final IoBuffer encryptedMessage;
        private WriteRequest parentRequest;

        private EncryptedWriteRequest(WriteRequest writeRequest, IoBuffer ioBuffer) {
            super(ioBuffer);
            this.parentRequest = writeRequest;
            this.encryptedMessage = ioBuffer;
        }

        @Override // org.apache.mina.core.write.DefaultWriteRequest, org.apache.mina.core.write.WriteRequest
        public Object getMessage() {
            return this.encryptedMessage;
        }

        public WriteRequest getParentRequest() {
            return this.parentRequest;
        }

        @Override // org.apache.mina.core.write.DefaultWriteRequest, org.apache.mina.core.write.WriteRequest
        public WriteFuture getFuture() {
            return this.parentRequest.getFuture();
        }
    }

    /* loaded from: input_file:org/apache/mina/filter/ssl/SslFilter$SslFilterMessage.class */
    public static class SslFilterMessage {
        private final String name;

        private SslFilterMessage(String str) {
            this.name = str;
        }

        public String toString() {
            return this.name;
        }
    }

    public SslFilter(SSLContext sSLContext) {
        this(sSLContext, true);
    }

    public SslFilter(SSLContext sSLContext, boolean z) {
        if (sSLContext == null) {
            throw new IllegalArgumentException("sslContext");
        }
        this.sslContext = sSLContext;
        this.autoStart = z;
    }

    public SSLSession getSslSession(IoSession ioSession) {
        return (SSLSession) ioSession.getAttribute(SSL_SESSION);
    }

    public boolean startSsl(IoSession ioSession) throws SSLException {
        boolean z;
        SslHandler sslSessionHandler = getSslSessionHandler(ioSession);
        try {
            synchronized (sslSessionHandler) {
                if (sslSessionHandler.isOutboundDone()) {
                    IoFilter.NextFilter nextFilter = (IoFilter.NextFilter) ioSession.getAttribute(NEXT_FILTER);
                    sslSessionHandler.destroy();
                    sslSessionHandler.init();
                    sslSessionHandler.handshake(nextFilter);
                    z = true;
                } else {
                    z = false;
                }
                sslSessionHandler.flushFilterWrite();
            }
            sslSessionHandler.flushMessageReceived();
            return z;
        } catch (SSLException e) {
            sslSessionHandler.release();
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getSessionInfo(IoSession ioSession) {
        StringBuilder sb = new StringBuilder();
        if (ioSession.getService() instanceof IoAcceptor) {
            sb.append("Session Server");
        } else {
            sb.append("Session Client");
        }
        sb.append('[').append(ioSession.getId()).append(']');
        SslHandler sslHandler = (SslHandler) ioSession.getAttribute(SSL_HANDLER);
        if (sslHandler == null) {
            sb.append("(no sslEngine)");
        } else if (isSslStarted(ioSession)) {
            if (sslHandler.isHandshakeComplete()) {
                sb.append("(SSL)");
            } else {
                sb.append("(ssl...)");
            }
        }
        return sb.toString();
    }

    public boolean isSslStarted(IoSession ioSession) {
        boolean z;
        SslHandler sslHandler = (SslHandler) ioSession.getAttribute(SSL_HANDLER);
        if (sslHandler == null) {
            return false;
        }
        synchronized (sslHandler) {
            z = !sslHandler.isOutboundDone();
        }
        return z;
    }

    public boolean isSecured(IoSession ioSession) {
        boolean z;
        SslHandler sslHandler = (SslHandler) ioSession.getAttribute(SSL_HANDLER);
        if (sslHandler == null) {
            return false;
        }
        synchronized (sslHandler) {
            z = !sslHandler.isOutboundDone() && sslHandler.isHandshakeComplete();
        }
        return z;
    }

    public WriteFuture stopSsl(IoSession ioSession) throws SSLException {
        WriteFuture initiateClosure;
        SslHandler sslSessionHandler = getSslSessionHandler(ioSession);
        IoFilter.NextFilter nextFilter = (IoFilter.NextFilter) ioSession.getAttribute(NEXT_FILTER);
        try {
            synchronized (sslSessionHandler) {
                initiateClosure = initiateClosure(nextFilter, ioSession);
                sslSessionHandler.flushFilterWrite();
            }
            return initiateClosure;
        } catch (SSLException e) {
            sslSessionHandler.release();
            throw e;
        }
    }

    public boolean isUseClientMode() {
        return this.client;
    }

    public void setUseClientMode(boolean z) {
        this.client = z;
    }

    public boolean isNeedClientAuth() {
        return this.needClientAuth;
    }

    public void setNeedClientAuth(boolean z) {
        this.needClientAuth = z;
    }

    public boolean isWantClientAuth() {
        return this.wantClientAuth;
    }

    public void setWantClientAuth(boolean z) {
        this.wantClientAuth = z;
    }

    public String getEndpointIdentificationAlgorithm() {
        return this.identificationAlgorithm;
    }

    public void setEndpointIdentificationAlgorithm(String str) {
        this.identificationAlgorithm = str;
    }

    public String[] getEnabledCipherSuites() {
        return this.enabledCipherSuites;
    }

    public void setEnabledCipherSuites(String[] strArr) {
        this.enabledCipherSuites = strArr;
    }

    public String[] getEnabledProtocols() {
        return this.enabledProtocols;
    }

    public void setEnabledProtocols(String[] strArr) {
        this.enabledProtocols = strArr;
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void onPreAdd(IoFilterChain ioFilterChain, String str, IoFilter.NextFilter nextFilter) throws SSLException {
        if (ioFilterChain.contains(SslFilter.class)) {
            LOGGER.error("Only one SSL filter is permitted in a chain.");
            throw new IllegalStateException("Only one SSL filter is permitted in a chain.");
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Adding the SSL Filter {} to the chain", str);
        }
        IoSession session = ioFilterChain.getSession();
        session.setAttribute(NEXT_FILTER, nextFilter);
        SslHandler sslHandler = new SslHandler(this, session);
        if (this.enabledCipherSuites == null || this.enabledCipherSuites.length == 0) {
            this.enabledCipherSuites = this.sslContext.getServerSocketFactory().getSupportedCipherSuites();
        }
        sslHandler.init();
        session.setAttribute(SSL_HANDLER, sslHandler);
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void onPostAdd(IoFilterChain ioFilterChain, String str, IoFilter.NextFilter nextFilter) throws SSLException {
        if (this.autoStart) {
            initiateHandshake(nextFilter, ioFilterChain.getSession());
        }
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void onPreRemove(IoFilterChain ioFilterChain, String str, IoFilter.NextFilter nextFilter) throws SSLException {
        IoSession session = ioFilterChain.getSession();
        stopSsl(session);
        session.removeAttribute(NEXT_FILTER);
        session.removeAttribute(SSL_HANDLER);
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void sessionClosed(IoFilter.NextFilter nextFilter, IoSession ioSession) throws SSLException {
        SslHandler sslSessionHandler = getSslSessionHandler(ioSession);
        try {
            synchronized (sslSessionHandler) {
                sslSessionHandler.destroy();
            }
        } finally {
            nextFilter.sessionClosed(ioSession);
        }
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void messageReceived(IoFilter.NextFilter nextFilter, IoSession ioSession, Object obj) throws SSLException {
        SSLException sSLException;
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("{}: Message received : {}", getSessionInfo(ioSession), obj);
        }
        SslHandler sslSessionHandler = getSslSessionHandler(ioSession);
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        synchronized (sslSessionHandler) {
            if (sslSessionHandler.isOutboundDone() && sslSessionHandler.isInboundDone()) {
                atomicBoolean.set(true);
            } else {
                atomicBoolean.set(false);
                IoBuffer ioBuffer = (IoBuffer) obj;
                try {
                    if (sslSessionHandler.isOutboundDone()) {
                        sslSessionHandler.destroy();
                        throw new SSLException("Outbound done");
                    }
                    sslSessionHandler.messageReceived(nextFilter, ioBuffer.buf());
                    handleSslData(nextFilter, sslSessionHandler);
                    if (sslSessionHandler.isInboundDone()) {
                        if (sslSessionHandler.isOutboundDone()) {
                            sslSessionHandler.destroy();
                        } else {
                            initiateClosure(nextFilter, ioSession);
                        }
                        if (ioBuffer.hasRemaining()) {
                            sslSessionHandler.scheduleMessageReceived(nextFilter, ioBuffer);
                        }
                    }
                } catch (SSLException e) {
                    if (sslSessionHandler.isHandshakeComplete()) {
                        sslSessionHandler.release();
                        sSLException = e;
                    } else {
                        SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("SSL handshake failed.");
                        sSLHandshakeException.initCause(e);
                        sSLException = sSLHandshakeException;
                        ioSession.closeNow();
                    }
                    throw sSLException;
                }
            }
        }
        if (atomicBoolean.get()) {
            nextFilter.messageReceived(ioSession, obj);
        } else {
            sslSessionHandler.flushMessageReceived();
        }
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void messageSent(IoFilter.NextFilter nextFilter, IoSession ioSession, WriteRequest writeRequest) {
        if (writeRequest instanceof EncryptedWriteRequest) {
            nextFilter.messageSent(ioSession, ((EncryptedWriteRequest) writeRequest).getParentRequest());
        }
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void exceptionCaught(IoFilter.NextFilter nextFilter, IoSession ioSession, Throwable th) throws Exception {
        if (th instanceof WriteToClosedSessionException) {
            List<WriteRequest> requests = ((WriteToClosedSessionException) th).getRequests();
            boolean z = false;
            Iterator<WriteRequest> it = requests.iterator();
            while (true) {
                if (it.hasNext()) {
                    if (isCloseNotify(it.next().getMessage())) {
                        z = true;
                        break;
                    }
                } else {
                    break;
                }
            }
            if (z) {
                if (requests.size() == 1) {
                    return;
                }
                ArrayList arrayList = new ArrayList(requests.size() - 1);
                for (WriteRequest writeRequest : requests) {
                    if (!isCloseNotify(writeRequest.getMessage())) {
                        arrayList.add(writeRequest);
                    }
                }
                if (arrayList.isEmpty()) {
                    return;
                } else {
                    th = new WriteToClosedSessionException(arrayList, th.getMessage(), th.getCause());
                }
            }
        }
        nextFilter.exceptionCaught(ioSession, th);
    }

    private boolean isCloseNotify(Object obj) {
        if (!(obj instanceof IoBuffer)) {
            return false;
        }
        IoBuffer ioBuffer = (IoBuffer) obj;
        int position = ioBuffer.position();
        return ioBuffer.get(position + 0) == 21 && ioBuffer.get(position + 1) == 3 && (ioBuffer.get(position + 2) == 0 || ioBuffer.get(position + 2) == 1 || ioBuffer.get(position + 2) == 2 || ioBuffer.get(position + 2) == 3) && ioBuffer.get(position + 3) == 0;
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void filterWrite(IoFilter.NextFilter nextFilter, IoSession ioSession, WriteRequest writeRequest) throws SSLException {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("{}: Writing Message : {}", getSessionInfo(ioSession), writeRequest);
        }
        boolean z = true;
        SslHandler sslSessionHandler = getSslSessionHandler(ioSession);
        try {
            synchronized (sslSessionHandler) {
                if (!isSslStarted(ioSession)) {
                    sslSessionHandler.scheduleFilterWrite(nextFilter, writeRequest);
                } else if (ioSession.containsAttribute(DISABLE_ENCRYPTION_ONCE)) {
                    ioSession.removeAttribute(DISABLE_ENCRYPTION_ONCE);
                    sslSessionHandler.scheduleFilterWrite(nextFilter, writeRequest);
                } else {
                    IoBuffer ioBuffer = (IoBuffer) writeRequest.getMessage();
                    if (sslSessionHandler.isWritingEncryptedData()) {
                        sslSessionHandler.scheduleFilterWrite(nextFilter, writeRequest);
                    } else if (sslSessionHandler.isHandshakeComplete()) {
                        sslSessionHandler.encrypt(ioBuffer.buf());
                        IoBuffer fetchOutNetBuffer = sslSessionHandler.fetchOutNetBuffer();
                        writeRequest.setMessage(fetchOutNetBuffer);
                        sslSessionHandler.scheduleFilterWrite(nextFilter, new EncryptedWriteRequest(writeRequest, fetchOutNetBuffer));
                    } else {
                        if (ioSession.isConnected()) {
                            sslSessionHandler.schedulePreHandshakeWriteRequest(nextFilter, writeRequest);
                        }
                        z = false;
                    }
                }
                if (z) {
                    sslSessionHandler.flushFilterWrite();
                }
            }
        } catch (SSLException e) {
            sslSessionHandler.release();
            throw e;
        }
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void filterClose(final IoFilter.NextFilter nextFilter, final IoSession ioSession) throws SSLException {
        SslHandler sslHandler = (SslHandler) ioSession.getAttribute(SSL_HANDLER);
        if (sslHandler == null) {
            nextFilter.filterClose(ioSession);
            return;
        }
        WriteFuture writeFuture = null;
        try {
            try {
                synchronized (sslHandler) {
                    if (isSslStarted(ioSession)) {
                        writeFuture = initiateClosure(nextFilter, ioSession);
                        writeFuture.addListener((IoFutureListener<?>) new IoFutureListener<IoFuture>() { // from class: org.apache.mina.filter.ssl.SslFilter.1
                            @Override // org.apache.mina.core.future.IoFutureListener
                            public void operationComplete(IoFuture ioFuture) {
                                nextFilter.filterClose(ioSession);
                            }
                        });
                    }
                    sslHandler.flushFilterWrite();
                }
                writeFuture = writeFuture;
            } catch (SSLException e) {
                sslHandler.release();
                throw e;
            }
        } finally {
            if (0 == 0) {
                nextFilter.filterClose(ioSession);
            }
        }
    }

    public void initiateHandshake(IoSession ioSession) throws SSLException {
        IoFilterChain filterChain = ioSession.getFilterChain();
        if (filterChain == null) {
            throw new SSLException("No filter chain");
        }
        IoFilter.NextFilter nextFilter = filterChain.getNextFilter(SslFilter.class);
        if (nextFilter == null) {
            throw new SSLException("No SSL next filter in the chain");
        }
        initiateHandshake(nextFilter, ioSession);
    }

    private void initiateHandshake(IoFilter.NextFilter nextFilter, IoSession ioSession) throws SSLException {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("{} : Starting the first handshake", getSessionInfo(ioSession));
        }
        SslHandler sslSessionHandler = getSslSessionHandler(ioSession);
        try {
            synchronized (sslSessionHandler) {
                sslSessionHandler.handshake(nextFilter);
                sslSessionHandler.flushFilterWrite();
            }
            sslSessionHandler.flushMessageReceived();
        } catch (SSLException e) {
            sslSessionHandler.release();
            throw e;
        }
    }

    private WriteFuture initiateClosure(IoFilter.NextFilter nextFilter, IoSession ioSession) throws SSLException {
        SslHandler sslSessionHandler = getSslSessionHandler(ioSession);
        try {
            synchronized (sslSessionHandler) {
                if (!sslSessionHandler.closeOutbound()) {
                    return DefaultWriteFuture.newNotWrittenFuture(ioSession, new IllegalStateException("SSL session is shut down already."));
                }
                WriteFuture writeNetBuffer = sslSessionHandler.writeNetBuffer(nextFilter);
                if (writeNetBuffer == null) {
                    writeNetBuffer = DefaultWriteFuture.newWrittenFuture(ioSession);
                }
                if (sslSessionHandler.isInboundDone()) {
                    sslSessionHandler.destroy();
                }
                ioSession.getFilterChain().fireEvent(SslEvent.UNSECURED);
                return writeNetBuffer;
            }
        } catch (SSLException e) {
            sslSessionHandler.release();
            throw e;
        }
    }

    private void handleSslData(IoFilter.NextFilter nextFilter, SslHandler sslHandler) throws SSLException {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("{}: Processing the SSL Data ", getSessionInfo(sslHandler.getSession()));
        }
        if (sslHandler.isHandshakeComplete()) {
            sslHandler.flushPreHandshakeEvents();
        }
        sslHandler.writeNetBuffer(nextFilter);
        handleAppDataRead(nextFilter, sslHandler);
    }

    private void handleAppDataRead(IoFilter.NextFilter nextFilter, SslHandler sslHandler) {
        IoBuffer fetchAppBuffer = sslHandler.fetchAppBuffer();
        if (fetchAppBuffer.hasRemaining()) {
            sslHandler.scheduleMessageReceived(nextFilter, fetchAppBuffer);
        }
    }

    private SslHandler getSslSessionHandler(IoSession ioSession) {
        SslHandler sslHandler = (SslHandler) ioSession.getAttribute(SSL_HANDLER);
        if (sslHandler == null) {
            throw new IllegalStateException();
        }
        synchronized (sslHandler) {
            if (sslHandler.getSslFilter() != this) {
                throw new IllegalArgumentException("Not managed by this filter.");
            }
        }
        return sslHandler;
    }
}
