package org.springframework.integration.ip.tcp.connection;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.integration.ip.tcp.connection.TcpNioConnection;
import org.springframework.integration.ip.tcp.serializer.AbstractByteArraySerializer;
import org.springframework.integration.ip.tcp.serializer.ByteArrayLengthHeaderSerializer;
import org.springframework.integration.ip.tcp.serializer.ByteArrayStxEtxSerializer;
import org.springframework.lang.Nullable;
import org.springframework.messaging.MessagingException;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/integration/ip/tcp/connection/TcpNioSSLConnection.class */
public class TcpNioSSLConnection extends TcpNioConnection {
    private static final int DEFAULT_HANDSHAKE_TIMEOUT = 30;
    private final SSLEngine sslEngine;
    private volatile ByteBuffer decoded;
    private volatile ByteBuffer encoded;
    private volatile SSLChannelOutputStream sslChannelOutputStream;
    private final Semaphore semaphore;
    private final Object monitorLock;
    private volatile boolean writerActive;
    private volatile int handshakeTimeout;
    private boolean needMoreNetworkData;
    private SSLHandshakeException sslFatal;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.springframework.integration.ip.tcp.connection.TcpNioSSLConnection$1, reason: invalid class name */
    /* loaded from: input_file:org/springframework/integration/ip/tcp/connection/TcpNioSSLConnection$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/springframework/integration/ip/tcp/connection/TcpNioSSLConnection$SSLChannelOutputStream.class */
    public final class SSLChannelOutputStream extends TcpNioConnection.ChannelOutputStream {
        private final TcpNioConnection.ChannelOutputStream channelOutputStream;

        private SSLChannelOutputStream(TcpNioConnection.ChannelOutputStream channelOutputStream) {
            super(TcpNioSSLConnection.this);
            this.channelOutputStream = channelOutputStream;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.springframework.integration.ip.tcp.connection.TcpNioConnection.ChannelOutputStream
        public synchronized void doWrite(ByteBuffer byteBuffer) throws IOException {
            try {
                TcpNioSSLConnection.this.writerActive = true;
                int remaining = byteBuffer.remaining();
                while (remaining > 0) {
                    SSLEngineResult encode = encode(byteBuffer);
                    if (TcpNioSSLConnection.this.logger.isDebugEnabled()) {
                        TcpNioSSLConnection.this.logger.debug("doWrite: " + TcpNioSSLConnection.this.resultToString(encode));
                    }
                    if (encode.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                        writeEncodedIfAny();
                        if (byteBuffer.remaining() >= remaining) {
                            throw new MessagingException("Unexpected condition - SSL wrap did not consume any data; remaining = " + remaining);
                        }
                        remaining = byteBuffer.remaining();
                    } else {
                        doClientSideHandshake(byteBuffer, encode);
                        writeEncodedIfAny();
                    }
                }
            } finally {
                TcpNioSSLConnection.this.writerActive = false;
            }
        }

        private void doClientSideHandshake(ByteBuffer byteBuffer, SSLEngineResult sSLEngineResult) throws IOException {
            SSLEngineResult sSLEngineResult2 = sSLEngineResult;
            TcpNioSSLConnection.this.semaphore.drainPermits();
            SSLEngineResult.HandshakeStatus handshakeStatus = TcpNioSSLConnection.this.sslEngine.getHandshakeStatus();
            while (handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
                writeEncodedIfAny();
                handshakeStatus = TcpNioSSLConnection.this.runTasksIfNeeded(sSLEngineResult2);
                if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                    handshakeStatus = waitForHandshakeData(sSLEngineResult2);
                }
                if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP || handshakeStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
                    sSLEngineResult2 = encode(byteBuffer);
                    handshakeStatus = sSLEngineResult2.getHandshakeStatus();
                    if (handshakeStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
                        return;
                    }
                } else {
                    TcpNioSSLConnection.this.logger.debug(handshakeStatus);
                }
            }
        }

        private void writeEncodedIfAny() throws IOException {
            TcpNioSSLConnection.this.encoded.flip();
            writeEncoded(TcpNioSSLConnection.this.encoded);
            TcpNioSSLConnection.this.encoded.clear();
        }

        private SSLEngineResult.HandshakeStatus waitForHandshakeData(SSLEngineResult sSLEngineResult) throws IOException {
            try {
                TcpNioSSLConnection.this.logger.trace("Writer waiting for handshake");
                if (!TcpNioSSLConnection.this.semaphore.tryAcquire(TcpNioSSLConnection.this.handshakeTimeout, TimeUnit.SECONDS)) {
                    throw new MessagingException("SSL Handshaking taking too long");
                }
                if (TcpNioSSLConnection.this.sslFatal != null) {
                    throw TcpNioSSLConnection.this.sslFatal;
                }
                if (!TcpNioSSLConnection.this.isOpen()) {
                    throw new IOException("Socket closed during SSL Handshake");
                }
                TcpNioSSLConnection.this.logger.trace("Writer resuming handshake");
                return TcpNioSSLConnection.this.runTasksIfNeeded(sSLEngineResult);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                throw new MessagingException("Interrupted during SSL Handshaking");
            }
        }

        private SSLEngineResult encode(ByteBuffer byteBuffer) throws SSLException, IOException {
            TcpNioSSLConnection.this.encoded.clear();
            SSLEngineResult wrap = TcpNioSSLConnection.this.sslEngine.wrap(byteBuffer, TcpNioSSLConnection.this.encoded);
            if (TcpNioSSLConnection.this.logger.isDebugEnabled()) {
                TcpNioSSLConnection.this.logger.debug("After wrap: " + TcpNioSSLConnection.this.resultToString(wrap) + " Plaintext buffer @" + byteBuffer.position() + "/" + byteBuffer.limit());
            }
            if (wrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                TcpNioSSLConnection.this.encoded = TcpNioSSLConnection.this.allocateEncryptionBuffer(TcpNioSSLConnection.this.sslEngine.getSession().getPacketBufferSize());
                wrap = TcpNioSSLConnection.this.sslEngine.wrap(byteBuffer, TcpNioSSLConnection.this.encoded);
            }
            return wrap;
        }

        void writeEncoded(ByteBuffer byteBuffer) throws IOException {
            this.channelOutputStream.doWrite(byteBuffer);
        }

        /* synthetic */ SSLChannelOutputStream(TcpNioSSLConnection tcpNioSSLConnection, TcpNioConnection.ChannelOutputStream channelOutputStream, AnonymousClass1 anonymousClass1) {
            this(channelOutputStream);
        }
    }

    public TcpNioSSLConnection(SocketChannel socketChannel, boolean z, boolean z2, ApplicationEventPublisher applicationEventPublisher, @Nullable String str, SSLEngine sSLEngine) throws Exception {
        super(socketChannel, z, z2, applicationEventPublisher, str);
        this.semaphore = new Semaphore(0);
        this.monitorLock = new Object();
        this.handshakeTimeout = DEFAULT_HANDSHAKE_TIMEOUT;
        this.sslEngine = sSLEngine;
    }

    public void setHandshakeTimeout(int i) {
        this.handshakeTimeout = i;
    }

    @Override // org.springframework.integration.ip.tcp.connection.TcpNioConnection, org.springframework.integration.ip.tcp.connection.TcpConnection
    public SSLSession getSslSession() {
        return this.sslEngine.getSession();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.integration.ip.tcp.connection.TcpNioConnection
    public void sendToPipe(ByteBuffer byteBuffer) throws IOException {
        Assert.notNull(byteBuffer, "rawBuffer cannot be null");
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("sendToPipe " + this.sslEngine.getHandshakeStatus() + ", remaining: " + byteBuffer.remaining());
        }
        SSLEngineResult sSLEngineResult = null;
        while (!this.needMoreNetworkData) {
            try {
                sSLEngineResult = decode(byteBuffer);
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("result " + resultToString(sSLEngineResult) + ", remaining: " + byteBuffer.remaining());
                }
            } catch (SSLHandshakeException e) {
                this.sslFatal = e;
                this.semaphore.release();
                throw e;
            }
        }
        this.needMoreNetworkData = false;
        if (sSLEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            byteBuffer.compact();
        } else {
            byteBuffer.clear();
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("sendToPipe.x " + resultToString(sSLEngineResult) + ", remaining: " + byteBuffer.remaining());
        }
    }

    private SSLEngineResult decode(ByteBuffer byteBuffer) throws IOException {
        SSLEngineResult sSLEngineResult = new SSLEngineResult(SSLEngineResult.Status.OK, this.sslEngine.getHandshakeStatus(), 0, 0);
        switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.sslEngine.getHandshakeStatus().ordinal()]) {
            case 1:
                runTasks();
                break;
            case 2:
            case ByteArrayStxEtxSerializer.ETX /* 3 */:
            case ByteArrayLengthHeaderSerializer.HEADER_SIZE_INT /* 4 */:
                this.decoded.clear();
                sSLEngineResult = this.sslEngine.unwrap(byteBuffer, this.decoded);
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("After unwrap: " + resultToString(sSLEngineResult));
                }
                if (sSLEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    this.decoded = allocateEncryptionBuffer(this.sslEngine.getSession().getApplicationBufferSize());
                }
                if (sSLEngineResult.bytesProduced() > 0) {
                    this.decoded.flip();
                    super.sendToPipe(this.decoded);
                    break;
                }
                break;
            case 5:
                if (!resumeWriterIfNeeded()) {
                    this.encoded.clear();
                    sSLEngineResult = this.sslEngine.wrap(byteBuffer, this.encoded);
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("After wrap: " + resultToString(sSLEngineResult));
                    }
                    if (sSLEngineResult.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW) {
                        this.encoded.flip();
                        getSSLChannelOutputStream().writeEncoded(this.encoded);
                        break;
                    } else {
                        this.encoded = allocateEncryptionBuffer(this.sslEngine.getSession().getPacketBufferSize());
                        break;
                    }
                }
                break;
        }
        switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[sSLEngineResult.getHandshakeStatus().ordinal()]) {
            case ByteArrayStxEtxSerializer.ETX /* 3 */:
                resumeWriterIfNeeded();
            case 2:
            case ByteArrayLengthHeaderSerializer.HEADER_SIZE_INT /* 4 */:
                this.needMoreNetworkData = sSLEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || byteBuffer.remaining() == 0;
                break;
        }
        return sSLEngineResult;
    }

    private boolean resumeWriterIfNeeded() {
        if (!this.writerActive) {
            return false;
        }
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Waking sender, permits: " + this.semaphore.availablePermits());
        }
        this.semaphore.release();
        return true;
    }

    private void runTasks() {
        while (true) {
            Runnable delegatedTask = this.sslEngine.getDelegatedTask();
            if (delegatedTask == null) {
                return;
            } else {
                delegatedTask.run();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SSLEngineResult.HandshakeStatus runTasksIfNeeded(SSLEngineResult sSLEngineResult) throws IOException {
        if (sSLEngineResult != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Running tasks if needed " + resultToString(sSLEngineResult));
            }
            if (sSLEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                runTasks();
            }
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = this.sslEngine.getHandshakeStatus();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("New handshake status " + handshakeStatus);
        }
        return handshakeStatus;
    }

    public void init() throws IOException {
        if (this.decoded == null) {
            this.decoded = allocateEncryptionBuffer(AbstractByteArraySerializer.DEFAULT_MAX_MESSAGE_SIZE);
            this.encoded = allocateEncryptionBuffer(AbstractByteArraySerializer.DEFAULT_MAX_MESSAGE_SIZE);
            initilizeEngine();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ByteBuffer allocateEncryptionBuffer(int i) {
        return isUsingDirectBuffers() ? ByteBuffer.allocateDirect(i) : ByteBuffer.allocate(i);
    }

    private void initilizeEngine() throws IOException {
        this.sslEngine.setUseClientMode(!isServer());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.integration.ip.tcp.connection.TcpNioConnection
    public TcpNioConnection.ChannelOutputStream getChannelOutputStream() {
        SSLChannelOutputStream sSLChannelOutputStream;
        synchronized (this.monitorLock) {
            if (this.sslChannelOutputStream == null) {
                this.sslChannelOutputStream = new SSLChannelOutputStream(this, super.getChannelOutputStream(), null);
            }
            sSLChannelOutputStream = this.sslChannelOutputStream;
        }
        return sSLChannelOutputStream;
    }

    protected SSLChannelOutputStream getSSLChannelOutputStream() {
        return this.sslChannelOutputStream == null ? (SSLChannelOutputStream) getChannelOutputStream() : this.sslChannelOutputStream;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String resultToString(SSLEngineResult sSLEngineResult) {
        return sSLEngineResult.toString().replace('\n', ' ');
    }

    @Override // org.springframework.integration.ip.tcp.connection.TcpNioConnection, org.springframework.integration.ip.tcp.connection.TcpConnectionSupport, org.springframework.integration.ip.tcp.connection.TcpConnection
    public void close() {
        super.close();
        this.semaphore.release();
    }
}
