package org.apache.activemq.transport.nio;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.nio.channels.SelectionKey;
import java.nio.channels.Selector;
import java.security.cert.X509Certificate;
import java.util.concurrent.CountDownLatch;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.activemq.MaxFrameSizeExceededException;
import org.apache.activemq.command.ConnectionInfo;
import org.apache.activemq.openwire.OpenWireFormat;
import org.apache.activemq.thread.TaskRunnerFactory;
import org.apache.activemq.transport.nio.SelectorManager;
import org.apache.activemq.transport.tcp.TcpTransport;
import org.apache.activemq.util.IOExceptionSupport;
import org.apache.activemq.util.ServiceStopper;
import org.apache.activemq.wireformat.WireFormat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/activemq/transport/nio/NIOSSLTransport.class */
public class NIOSSLTransport extends NIOTransport {
    private static final Logger LOG = LoggerFactory.getLogger(NIOSSLTransport.class);
    protected boolean needClientAuth;
    protected boolean wantClientAuth;
    protected String[] enabledCipherSuites;
    protected String[] enabledProtocols;
    protected boolean verifyHostName;
    protected SSLContext sslContext;
    protected SSLEngine sslEngine;
    protected SSLSession sslSession;
    protected volatile boolean handshakeInProgress;
    protected SSLEngineResult.Status status;
    protected SSLEngineResult.HandshakeStatus handshakeStatus;
    protected TaskRunnerFactory taskRunnerFactory;
    volatile boolean hasSslEngine;
    protected final CountDownLatch initialized;
    boolean openWireInititialized;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.activemq.transport.nio.NIOSSLTransport$3, reason: invalid class name */
    /* loaded from: input_file:org/apache/activemq/transport/nio/NIOSSLTransport$3.class */
    public static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    public NIOSSLTransport(WireFormat wireFormat, SocketFactory socketFactory, URI uri, URI uri2) throws UnknownHostException, IOException {
        super(wireFormat, socketFactory, uri, uri2);
        this.verifyHostName = false;
        this.handshakeInProgress = false;
        this.status = null;
        this.handshakeStatus = null;
        this.hasSslEngine = false;
        this.initialized = new CountDownLatch(1);
        this.openWireInititialized = false;
    }

    public NIOSSLTransport(WireFormat wireFormat, Socket socket, SSLEngine sSLEngine, TcpTransport.InitBuffer initBuffer, ByteBuffer byteBuffer) throws IOException {
        super(wireFormat, socket, initBuffer);
        this.verifyHostName = false;
        this.handshakeInProgress = false;
        this.status = null;
        this.handshakeStatus = null;
        this.hasSslEngine = false;
        this.initialized = new CountDownLatch(1);
        this.openWireInititialized = false;
        this.sslEngine = sSLEngine;
        if (sSLEngine != null) {
            this.sslSession = sSLEngine.getSession();
        }
        this.inputBuffer = byteBuffer;
    }

    public void setSslContext(SSLContext sSLContext) {
        this.sslContext = sSLContext;
    }

    @Override // org.apache.activemq.transport.nio.NIOTransport, org.apache.activemq.transport.tcp.TcpTransport
    protected void initializeStreams() throws IOException {
        if (this.sslEngine != null) {
            this.hasSslEngine = true;
        }
        NIOOutputStream nIOOutputStream = null;
        try {
            this.channel = this.socket.getChannel();
            this.channel.configureBlocking(false);
            if (this.sslContext == null) {
                this.sslContext = SSLContext.getDefault();
            }
            String str = null;
            int i = -1;
            try {
                URI uri = new URI(getRemoteAddress());
                str = uri.getHost();
                i = uri.getPort();
            } catch (Exception e) {
            }
            if (!this.hasSslEngine) {
                if (str == null || i == -1) {
                    this.sslEngine = this.sslContext.createSSLEngine();
                } else {
                    this.sslEngine = this.sslContext.createSSLEngine(str, i);
                }
                if (this.verifyHostName) {
                    SSLParameters sSLParameters = new SSLParameters();
                    sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
                    this.sslEngine.setSSLParameters(sSLParameters);
                }
                this.sslEngine.setUseClientMode(false);
                if (this.enabledCipherSuites != null) {
                    this.sslEngine.setEnabledCipherSuites(this.enabledCipherSuites);
                }
                if (this.enabledProtocols != null) {
                    this.sslEngine.setEnabledProtocols(this.enabledProtocols);
                }
                if (this.wantClientAuth) {
                    this.sslEngine.setWantClientAuth(this.wantClientAuth);
                }
                if (this.needClientAuth) {
                    this.sslEngine.setNeedClientAuth(this.needClientAuth);
                }
                this.sslSession = this.sslEngine.getSession();
                this.inputBuffer = ByteBuffer.allocate(this.sslSession.getPacketBufferSize());
                this.inputBuffer.clear();
            }
            nIOOutputStream = new NIOOutputStream(this.channel);
            nIOOutputStream.setEngine(this.sslEngine);
            this.dataOut = new DataOutputStream(nIOOutputStream);
            this.buffOut = nIOOutputStream;
            if (!this.hasSslEngine) {
                this.sslEngine.beginHandshake();
            }
            this.handshakeStatus = this.sslEngine.getHandshakeStatus();
            if (!this.hasSslEngine) {
                doHandshake();
            }
            this.selection = SelectorManager.getInstance().register(this.channel, new SelectorManager.Listener() { // from class: org.apache.activemq.transport.nio.NIOSSLTransport.1
                @Override // org.apache.activemq.transport.nio.SelectorManager.Listener
                public void onSelect(SelectorSelection selectorSelection) {
                    try {
                        NIOSSLTransport.this.initialized.await();
                    } catch (InterruptedException e2) {
                        NIOSSLTransport.this.onException(IOExceptionSupport.create((Exception) e2));
                    }
                    NIOSSLTransport.this.serviceRead();
                }

                @Override // org.apache.activemq.transport.nio.SelectorManager.Listener
                public void onError(SelectorSelection selectorSelection, Throwable th) {
                    if (th instanceof IOException) {
                        NIOSSLTransport.this.onException((IOException) th);
                    } else {
                        NIOSSLTransport.this.onException(IOExceptionSupport.create(th));
                    }
                }
            });
            doInit();
        } catch (Exception e2) {
            if (nIOOutputStream != null) {
                try {
                    nIOOutputStream.close();
                } catch (Exception e3) {
                    throw new IOException(e2);
                }
            }
            super.closeStreams();
            throw new IOException(e2);
        }
    }

    protected void doInit() throws Exception {
        this.taskRunnerFactory.execute(new Runnable() { // from class: org.apache.activemq.transport.nio.NIOSSLTransport.2
            @Override // java.lang.Runnable
            public void run() {
                NIOSSLTransport.this.serviceRead();
                NIOSSLTransport.this.initialized.countDown();
            }
        });
    }

    protected void doOpenWireInit() throws Exception {
        if (this.initBuffer == null || this.openWireInititialized || !(this.wireFormat instanceof OpenWireFormat)) {
            return;
        }
        this.initBuffer.buffer.flip();
        if (this.initBuffer.buffer.hasRemaining()) {
            this.nextFrameSize = -1;
            this.receiveCounter += this.initBuffer.readSize;
            processCommand(this.initBuffer.buffer);
            processCommand(this.initBuffer.buffer);
            this.initBuffer.buffer.clear();
            this.openWireInititialized = true;
        }
    }

    protected void finishHandshake() throws Exception {
        if (this.handshakeInProgress) {
            this.handshakeInProgress = false;
            this.nextFrameSize = -1;
            this.sslSession = this.sslEngine.getSession();
        }
    }

    @Override // org.apache.activemq.transport.nio.NIOTransport
    public void serviceRead() {
        try {
            if (this.handshakeInProgress) {
                doHandshake();
            }
            doOpenWireInit();
            ByteBuffer allocate = ByteBuffer.allocate(this.sslSession.getApplicationBufferSize());
            allocate.position(allocate.limit());
            while (!isStopped()) {
                if (!allocate.hasRemaining()) {
                    int secureRead = secureRead(allocate);
                    if (secureRead != 0) {
                        if (secureRead == -1) {
                            onException(new EOFException());
                            this.selection.close();
                        } else {
                            this.receiveCounter += secureRead;
                        }
                    }
                    return;
                }
                if (this.status == SSLEngineResult.Status.OK && this.handshakeStatus != SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                    processCommand(allocate);
                }
            }
        } catch (IOException e) {
            onException(e);
        } catch (Throwable th) {
            onException(IOExceptionSupport.create(th));
        }
    }

    protected void processCommand(ByteBuffer byteBuffer) throws Exception {
        if (this.nextFrameSize != -1) {
            if (this.currentBuffer != null) {
                if (this.currentBuffer.remaining() >= byteBuffer.remaining()) {
                    this.currentBuffer.put(byteBuffer);
                } else {
                    byte[] bArr = new byte[this.currentBuffer.remaining()];
                    byteBuffer.get(bArr);
                    this.currentBuffer.put(bArr);
                }
                if (this.currentBuffer.hasRemaining()) {
                    return;
                }
                this.currentBuffer.flip();
                doConsume(this.wireFormat.unmarshal(new DataInputStream(new NIOInputStream(this.currentBuffer))));
                this.nextFrameSize = -1;
                this.currentBuffer = null;
                return;
            }
            return;
        }
        if (byteBuffer.remaining() < 32) {
            if (this.currentBuffer == null) {
                this.currentBuffer = ByteBuffer.allocate(4);
            }
            while (this.currentBuffer.hasRemaining() && byteBuffer.hasRemaining()) {
                this.currentBuffer.put(byteBuffer.get());
            }
            if (this.currentBuffer.hasRemaining()) {
                return;
            }
            this.currentBuffer.flip();
            this.nextFrameSize = this.currentBuffer.getInt();
        } else if (this.currentBuffer != null) {
            while (this.currentBuffer.hasRemaining()) {
                this.currentBuffer.put(byteBuffer.get());
            }
            this.currentBuffer.flip();
            this.nextFrameSize = this.currentBuffer.getInt();
        } else {
            this.nextFrameSize = byteBuffer.getInt();
        }
        if (this.wireFormat instanceof OpenWireFormat) {
            OpenWireFormat openWireFormat = (OpenWireFormat) this.wireFormat;
            long maxFrameSize = openWireFormat.getMaxFrameSize();
            if (openWireFormat.isMaxFrameSizeEnabled() && this.nextFrameSize > maxFrameSize) {
                throw new MaxFrameSizeExceededException("Frame size of " + (this.nextFrameSize / 1048576) + " MB larger than max allowed " + (maxFrameSize / 1048576) + " MB");
            }
        }
        this.currentBuffer = ByteBuffer.allocate(this.nextFrameSize + 4);
        this.currentBuffer.putInt(this.nextFrameSize);
    }

    protected synchronized int secureRead(ByteBuffer byteBuffer) throws Exception {
        SSLEngineResult unwrap;
        if (this.inputBuffer.position() == 0 || !this.inputBuffer.hasRemaining() || this.status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            int read = this.channel.read(this.inputBuffer);
            if (read == 0 && !this.sslEngine.getHandshakeStatus().equals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP)) {
                return 0;
            }
            if (read == -1) {
                this.sslEngine.closeInbound();
                if (this.inputBuffer.position() == 0 || this.status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                    return -1;
                }
            }
        }
        byteBuffer.clear();
        this.inputBuffer.flip();
        do {
            unwrap = this.sslEngine.unwrap(this.inputBuffer, byteBuffer);
            if (unwrap.getStatus() != SSLEngineResult.Status.OK || unwrap.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                break;
            }
        } while (unwrap.bytesProduced() == 0);
        if (unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
            finishHandshake();
        }
        this.status = unwrap.getStatus();
        this.handshakeStatus = unwrap.getHandshakeStatus();
        if (this.status == SSLEngineResult.Status.CLOSED) {
            this.sslEngine.closeInbound();
            return -1;
        }
        this.inputBuffer.compact();
        byteBuffer.flip();
        return byteBuffer.remaining();
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:4:0x001d. Please report as an issue. */
    protected void doHandshake() throws Exception {
        this.handshakeInProgress = true;
        Selector selector = null;
        SelectionKey selectionKey = null;
        boolean z = true;
        while (true) {
            try {
                switch (AnonymousClass3.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.sslEngine.getHandshakeStatus().ordinal()]) {
                    case 1:
                        if (z) {
                            secureRead(ByteBuffer.allocate(this.sslSession.getApplicationBufferSize()));
                        }
                        if (this.status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                            long currentTimeMillis = System.currentTimeMillis();
                            if (selector == null) {
                                selector = Selector.open();
                                selectionKey = this.channel.register(selector, 1);
                            } else {
                                selectionKey.interestOps(1);
                            }
                            if (selector.select(getSoTimeout()) == 0 && getSoTimeout() > 0 && System.currentTimeMillis() - currentTimeMillis >= getSoTimeout()) {
                                throw new SocketTimeoutException("Timeout during handshake");
                            }
                            z = selectionKey.isReadable();
                        } else {
                            continue;
                        }
                        break;
                    case 2:
                        while (true) {
                            Runnable delegatedTask = this.sslEngine.getDelegatedTask();
                            if (delegatedTask != null) {
                                delegatedTask.run();
                            }
                        }
                        break;
                    case 3:
                        ((NIOOutputStream) this.buffOut).write(ByteBuffer.allocate(0));
                    case 4:
                    case 5:
                        finishHandshake();
                        if (selectionKey != null) {
                            try {
                                selectionKey.cancel();
                            } catch (Exception e) {
                            }
                        }
                        if (selector != null) {
                            try {
                                selector.close();
                                return;
                            } catch (Exception e2) {
                                return;
                            }
                        }
                        return;
                }
            } catch (Throwable th) {
                if (selectionKey != null) {
                    try {
                        selectionKey.cancel();
                    } catch (Exception e3) {
                    }
                }
                if (selector != null) {
                    try {
                        selector.close();
                    } catch (Exception e4) {
                    }
                }
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.activemq.transport.nio.NIOTransport, org.apache.activemq.transport.tcp.TcpTransport, org.apache.activemq.transport.TransportThreadSupport, org.apache.activemq.util.ServiceSupport
    public void doStart() throws Exception {
        this.taskRunnerFactory = new TaskRunnerFactory("ActiveMQ NIOSSLTransport Task");
        super.doStart();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.activemq.transport.nio.NIOTransport, org.apache.activemq.transport.tcp.TcpTransport, org.apache.activemq.util.ServiceSupport
    public void doStop(ServiceStopper serviceStopper) throws Exception {
        this.initialized.countDown();
        if (this.taskRunnerFactory != null) {
            this.taskRunnerFactory.shutdownNow();
            this.taskRunnerFactory = null;
        }
        if (this.channel != null) {
            this.channel.close();
            this.channel = null;
        }
        super.doStop(serviceStopper);
    }

    @Override // org.apache.activemq.transport.TransportSupport
    public void doConsume(Object obj) {
        if (obj instanceof ConnectionInfo) {
            ((ConnectionInfo) obj).setTransportContext(getPeerCertificates());
        }
        super.doConsume(obj);
    }

    @Override // org.apache.activemq.transport.tcp.TcpTransport, org.apache.activemq.transport.Transport
    public X509Certificate[] getPeerCertificates() {
        X509Certificate[] x509CertificateArr = null;
        try {
            if (this.sslEngine.getSession() != null) {
                x509CertificateArr = (X509Certificate[]) this.sslEngine.getSession().getPeerCertificates();
            }
        } catch (SSLPeerUnverifiedException e) {
            if (LOG.isTraceEnabled()) {
                LOG.trace("Failed to get peer certificates.", e);
            }
        }
        return x509CertificateArr;
    }

    public boolean isNeedClientAuth() {
        return this.needClientAuth;
    }

    public void setNeedClientAuth(boolean z) {
        this.needClientAuth = z;
    }

    public boolean isWantClientAuth() {
        return this.wantClientAuth;
    }

    public void setWantClientAuth(boolean z) {
        this.wantClientAuth = z;
    }

    public String[] getEnabledCipherSuites() {
        return this.enabledCipherSuites;
    }

    public void setEnabledCipherSuites(String[] strArr) {
        this.enabledCipherSuites = strArr;
    }

    public String[] getEnabledProtocols() {
        return this.enabledProtocols;
    }

    public void setEnabledProtocols(String[] strArr) {
        this.enabledProtocols = strArr;
    }

    public boolean isVerifyHostName() {
        return this.verifyHostName;
    }

    public void setVerifyHostName(boolean z) {
        this.verifyHostName = z;
    }
}
