package com.sun.grizzly.portunif;

import com.sun.grizzly.Context;
import com.sun.grizzly.Controller;
import com.sun.grizzly.SSLConfig;
import com.sun.grizzly.util.SSLSelectionKeyAttachment;
import com.sun.grizzly.util.SSLUtils;
import com.sun.grizzly.util.SelectionKeyAttachment;
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SelectableChannel;
import java.nio.channels.SelectionKey;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;

/* loaded from: input_file:com/sun/grizzly/portunif/TLSPUPreProcessor.class */
public class TLSPUPreProcessor implements PUPreProcessor {
    public static final String ID = "TLS";
    private static final String TMP_DECODED_BUFFER = "TMP_DECODED_BUFFER";
    private SSLContext sslContext;
    private boolean needClientAuth = false;
    private boolean wantClientAuth = false;
    private static Logger logger = Controller.logger();

    public TLSPUPreProcessor() {
    }

    public TLSPUPreProcessor(SSLConfig sSLConfig) {
        configure(sSLConfig);
    }

    public TLSPUPreProcessor(SSLContext sSLContext) {
        this.sslContext = sSLContext;
    }

    @Override // com.sun.grizzly.portunif.PUPreProcessor
    public String getId() {
        return ID;
    }

    @Override // com.sun.grizzly.portunif.PUPreProcessor
    public boolean process(Context context, PUProtocolRequest pUProtocolRequest) throws IOException {
        SSLEngine createSSLEngine;
        if (this.sslContext == null) {
            if (!logger.isLoggable(Level.WARNING)) {
                return false;
            }
            logger.log(Level.WARNING, "Grizzly Port unification warning. TLSPreProcessor will be skept. SSLContext in NULL!");
            return false;
        }
        SelectionKey selectionKey = context.getSelectionKey();
        SelectableChannel channel = selectionKey.channel();
        Object attachment = SelectionKeyAttachment.getAttachment(selectionKey);
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "SelectionKeyAttachment: " + selectionKey);
        }
        if (attachment == null || !(attachment instanceof SSLSelectionKeyAttachment)) {
            createSSLEngine = this.sslContext.createSSLEngine();
            createSSLEngine.setUseClientMode(false);
            createSSLEngine.setNeedClientAuth(this.needClientAuth);
            createSSLEngine.setWantClientAuth(this.wantClientAuth);
        } else {
            createSSLEngine = ((SSLSelectionKeyAttachment) attachment).getSslEngine();
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "sslEngine: " + createSSLEngine);
        }
        ByteBuffer securedInputByteBuffer = pUProtocolRequest.getSecuredInputByteBuffer();
        ByteBuffer securedOutputByteBuffer = pUProtocolRequest.getSecuredOutputByteBuffer();
        ByteBuffer byteBuffer = pUProtocolRequest.getByteBuffer();
        int packetBufferSize = createSSLEngine.getSession().getPacketBufferSize();
        if (securedInputByteBuffer == null || (securedInputByteBuffer != null && packetBufferSize > securedInputByteBuffer.capacity())) {
            securedInputByteBuffer = ByteBuffer.allocate(packetBufferSize * 2);
            pUProtocolRequest.setSecuredInputByteBuffer(securedInputByteBuffer);
        }
        if (securedOutputByteBuffer == null || (securedOutputByteBuffer != null && packetBufferSize > securedOutputByteBuffer.capacity())) {
            securedOutputByteBuffer = ByteBuffer.allocate(packetBufferSize * 2);
            pUProtocolRequest.setSecuredOutputByteBuffer(securedOutputByteBuffer);
        }
        int applicationBufferSize = createSSLEngine.getSession().getApplicationBufferSize();
        if (byteBuffer == null || applicationBufferSize > byteBuffer.capacity()) {
            ByteBuffer allocate = ByteBuffer.allocate(packetBufferSize);
            byteBuffer.flip();
            allocate.put(byteBuffer);
            byteBuffer = allocate;
            pUProtocolRequest.setByteBuffer(byteBuffer);
        }
        securedInputByteBuffer.clear();
        securedOutputByteBuffer.position(0);
        securedOutputByteBuffer.limit(0);
        securedInputByteBuffer.put((ByteBuffer) byteBuffer.flip());
        byteBuffer.clear();
        boolean isValid = createSSLEngine.getSession().isValid();
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "Is session valid: " + isValid);
        }
        if (isValid) {
            ByteBuffer byteBuffer2 = (ByteBuffer) context.removeAttribute(TMP_DECODED_BUFFER);
            if (byteBuffer2 != null) {
                byteBuffer.put(byteBuffer2);
            }
        } else {
            try {
                byteBuffer = SSLUtils.doHandshake(channel, byteBuffer, securedInputByteBuffer, securedOutputByteBuffer, createSSLEngine, SSLEngineResult.HandshakeStatus.NEED_UNWRAP, SSLUtils.getReadTimeout(), securedInputByteBuffer.position() > 0);
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "handshake is done");
                }
                selectionKey.attach(SSLSelectionKeyAttachment.create(selectionKey, createSSLEngine));
                pUProtocolRequest.setSSLEngine(createSSLEngine);
                securedOutputByteBuffer.limit(securedOutputByteBuffer.position());
                isValid = true;
            } catch (EOFException e) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "handshake failed", (Throwable) e);
                }
            } catch (Exception e2) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "handshake failed", (Throwable) e2);
                }
                byteBuffer.put(securedInputByteBuffer);
            }
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "after handshake. isComplete: " + isValid);
        }
        if (isValid) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "secured bytebuffer: " + securedInputByteBuffer);
            }
            int doRead = securedInputByteBuffer.position() == 0 ? SSLUtils.doRead(channel, securedInputByteBuffer, createSSLEngine, SSLUtils.getReadTimeout()) : securedInputByteBuffer.position();
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "secured bytebuffer additional read: " + doRead);
            }
            if (doRead <= -1) {
                throw new EOFException();
            }
            pUProtocolRequest.setByteBuffer(SSLUtils.unwrapAll(byteBuffer, securedInputByteBuffer, createSSLEngine));
        }
        return isValid;
    }

    @Override // com.sun.grizzly.portunif.PUPreProcessor
    public void postProcess(Context context, PUProtocolRequest pUProtocolRequest) {
        ByteBuffer byteBuffer = pUProtocolRequest.getByteBuffer();
        byteBuffer.flip();
        if (byteBuffer.hasRemaining()) {
            ByteBuffer allocate = ByteBuffer.allocate(byteBuffer.remaining());
            allocate.put(byteBuffer);
            allocate.flip();
            context.setAttribute(TMP_DECODED_BUFFER, allocate);
        }
        ByteBuffer securedInputByteBuffer = pUProtocolRequest.getSecuredInputByteBuffer();
        securedInputByteBuffer.flip();
        byteBuffer.clear();
        byteBuffer.put(securedInputByteBuffer);
        securedInputByteBuffer.clear();
    }

    public void setSSLContext(SSLContext sSLContext) {
        this.sslContext = sSLContext;
    }

    public void configure(SSLConfig sSLConfig) {
        this.sslContext = sSLConfig.createSSLContext();
        this.wantClientAuth = sSLConfig.isWantClientAuth();
        this.needClientAuth = sSLConfig.isNeedClientAuth();
    }

    public SSLContext getSSLContext() {
        return this.sslContext;
    }

    public boolean isNeedClientAuth() {
        return this.needClientAuth;
    }

    public void setNeedClientAuth(boolean z) {
        this.needClientAuth = z;
    }

    public boolean isWantClientAuth() {
        return this.wantClientAuth;
    }

    public void setWantClientAuth(boolean z) {
        this.wantClientAuth = z;
    }
}
